Introduction

As IoT devices become more widespread in critical sectors like healthcare, infrastructure, and industry, the need to protect sensitive data during execution is growing. Confidential computing addresses this by isolating workloads from potentially compromised operating systems or attackers with physical access. 

Current solutions for low-power devices, like Arm TrustZone and RISC-V TEEs, have two problems.

• Difficult for developers to use. Porting existing applications often requires rewriting code and dealing with platform-specific APIs. It is not possible to simply lift and shift existing applications to use TEEs.

• Severe performance limitation: Limited memory available, no multithreading support, and limited I/O support. These make them unsuitable for more demanding applications.

Both problems are only exacerbated when developers aim to port Agentic AI to edge devices, as these systems have high performance requirements and have complex codebases and dependencies that do not support TEEs.

While the recent development of “confidential virtual machine” technology like Arm CCA solves some of these issues, they are very resource intensive because they use virtualization technology at their core. This results in a considerable increase in power usage compared to TEEs.

This project proposes a middle ground: use WebAssembly to create a developer-friendly TEE Hardware Abstraction Layer. This layer makes porting software to a TEE as easy as recompiling it, and supports multiple types of TEEs, both on ARM and RISC-V platforms. Together with this software layer, this project will also investigate hardware modifications to improve the performance of energy efficient TEEs. The Hardware Abstraction Layer will then seamlessly adapt to the underlying hardware capabilities and use more performant functionalities when available.

Problem Statement

Current Confidential Computing solutions are either

• So bare-bones that they make application porting and development very difficult and architecture-specific.

• Based on hardware virtualization, resulting in greatly increased power usage.

There is a need for a Hardware Abstraction Layer that makes it easy to port existing applications to low-power trusted execution environments with minimal energy usage overhead.

Goals

This PhD thesis will span the divide between software and hardware.

• It will start by investigating the use of WebAssembly as a TEE HAL for both Arm TrustZone and RISC-V TEEs, to simplify porting conventional applications to low-power TEEs. This will include a deep-dive into TEE performance, power usage, and its intersection with WebAssembly.

• It will then use the knowledge gained from the first phase to design, in collaboration with the CSA expertise centre, adaptations for TEEs on low-power CPUs such as Arm and RISC-V, to further improve the performance of trusted execution environments in an energy efficient way.

The end result is to make it easier to port applications to TEEs, independent of CPU architecture, and to improve their performance.

Potential Applications

• Privacy-preserving wearables.

• Secure smart home and industrial IoT systems.

• Protecting the software of Unmanned Vehicles (UVs).

• Privacy preserving edge agentic AI.