Commodity operating systems are considered vulnerable. Therefore, when an application handles security-sensitive data, it is highly recommended to run the application in a trusted execution environment. In response to this demand, hardware-based trusted execution environments such as Intel SGX and ARM TrustZone have been developed in commodity computers. However, hardware-based approaches cannot be quickly upgraded to address design vulnerabilities or to reflect customer feedback. In this paper, we propose SofTEE, a software framework to support a trusted execution environment for user applications. For a trusted execution environment, SofTEE should support memory isolation and attestation. For memory isolation, SofTEE relies on kernel deprivileging which delegates the execution of privileged operations such as memory management, from a kernel to a special module called a security monitor. To reduce the overhead of switching between the deprivileged kernel and the security monitor, SofTEE proposes an efficient management mechanism of the address space identifier. SofTEE supports attestation by assuming minimal hardware functionalities of random entropy and root of trust. The main challenge of SofTEE is to guarantee security properties like confidentiality and integrity of security-sensitive applications. For security analysis, we have identified security invariants that SofTEE should meet for confidentiality and integrity guarantees. Based on the security invariants, we have designed and prototyped each component of SofTEE on a Raspberry Pi 3 board. SofTEE produces about 3% overhead in case of a security-sensitive application with long execution time and 23% overhead in case of a security-sensitive application with short execution time.
