Abstract:TrustZone as a trusted execution environment (TEE) has been proven to preserve the confidentiality of blockchain transactions supported by smart contracts. Despite some academic effort, TrustZone can only support limited languages for now. The lack of the corresponding execution environment for smart contracts seriously hinders blockchain applications from directly running on TrustZone. In this paper, we design the first virtual execution environment named TSC-VEE for performing Solidity smart contracts on TrustZone, to the best of our knowledge. TSC-VEE can be decomposed into fourfold: (1) an instruction set adapted to the isolation and world switching mechanism of TrustZone. (2) a runtime memory management mechanism that provides a pair of instructions with the corresponding processing mechanism to allocate and release the work memory. (3) a hybrid granularity resource analysis algorithm which computes and records the value of maximum stack height and static gas cost through bytecode pre-execution, avoiding runtime overflow and invalid computations. (4) a cross-isolation-environment prefetching approach that supports loading and storing the storage data from the normal world into the secure world on TrustZone before execution, thus avoiding switching the world state frequently at runtime. Extensive experimental results show that TSC-VEE can perform smart contracts correctly and efficiently on TrustZone. Compared with the most commonly used Ethereum client—Geth, TSC-VEE achieves execution performance improvements by $9.29 imes$9.29×. We also implement the Ethereum virtual machine—evmone on TrustZone. TSC-VEE can reduce the latency by 12.63% with our optimization techniques, and decrease the work memory footprint by 22.95% on average when executing various scale contracts.

TSC-VEE: A TrustZone-Based Smart Contract Virtual Execution Environment

Dtee: A Declarative Approach to Secure IoT Applications Using TrustZone

The Road to Trust: Building Enclaves within Confidential VMs

Trusted Computing Base Using Virtualization Platform

Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution

A Trustenclave-Based Architecture for Ensuring Run-Time Security in Embedded Terminals

Composite Enclaves: Towards Disaggregated Trusted Execution

HyperEnclave: an Open and Cross-platform Trusted Execution Environment

Towards Trust Proof for Secure Confidential Virtual Machines

TZ4Fabric: Executing Smart Contracts with ARM TrustZone

Bringing Smart Contract Confidentiality Via Trusted Hardware: Fact and Fiction

App Developer Centric Trusted Execution Environment

MECAT: Memory-Safe Smart Contracts in ARM TrustZone

SoK: TEE-Assisted Confidential Smart Contract

CTR: Checkpoint, Transfer, and Restore for Secure Enclaves

App Developer Centric Trusted Execution Environment.

An Experimental Evaluation of TEE technology Evolution: Benchmarking Transparent Approaches based on SGX, SEV, and TDX

TRUST: A Toolkit for TEE-Assisted Secure Outsourced Computation over Integers

Query Authentication Using Intel SGX for Blockchain Light Clients

Building Your Own Trusted Execution Environments Using FPGA