A trio of Intel boffins have broken a vendor lock-down on trusted execution environments (TEEs) with the release of an open source framework that could help developers to build more secure apps.
Intel wonks Brian McGillion, Tanel Dettenborn, and Thomas Nyman (plus N. Asokan of Aalto University and University of Helsinki) released the OpenTEE software framework for developers as an alternative to expensive or non-existent TEE tools.
Developers can use what the team calls an efficient and easy-to-use tool to develop and debug trusted applications that can then be compiled for any hardware TEE.
"Despite widespread deployment of hardware-based TEEs in mobile devices, application developers have lacked the interfaces to use TEE functionality to protect their applications and services," the authors write in the paper Open-TEE — An Open Virtual Trusted Execution Environment [PDF].
Software development kits for TEE application development are often proprietary or expensive. Debugging low-level TEE applications either requires expensive hardware debugging tools, or leaves the developer with only primitive debugging techniques, such as "print tracing".
"Given the demonstrable usability benefits, we recommend that organisations who develop applications for TEEs should consider incorporating Open-TEE into their development process," they said.
Hardware TEEs are isolated from rich operating environments to handle sensitive data and have existed in mobile devices for the last decade, but applications have been limited to vendor products, the authors say.
The OpenTEE framework conforms to the GlobalPlatform specifications on TEEs and was praised by Trusted Application developers who tested it as part of the research.
Last year, three researchers pointed out [PDF here] how TEEs are a wasted opportunity due to the lack of applications utilising the framework. Much of the blame was heaped on a lack of means by which developers could build to TEE standards, but the authors are optimistic that the field will open up with time.
The project is part of the Intel Collaborative Research Institute for Secure Computing, which is a collaborative effort involving three universities. Open-TEE is led by the Secure Systems group at Aalto University, Finland.
The Intel team says they hope the tool will expand the number of developers working in the field and note they will extend the tool so that it works with other application interfaces. ®