CryptoDB
TESLA: Trusted Execution Support for Legacy Embedded Applications
Authors: | Saltanat Firdous Allaqband, Asutosh Brahma, Sai Venkata Krishnan V, Arjun Menon, Chester Rebeiro |
---|---|
Abstract: | Legacy applications continue to be widely used in embedded systems, despite high maintenance costs, primarily due to the challenges involved in modifying them. Traditional Trusted Execution Environments (TEEs), though valuable for securing sensitive computations, fall short in supporting these legacy workloads. Most existing TEEs require significant application modifications, or incur high system call overheads. Additionally, TEEs often enforce fixed enclave sizes, failing to accommodate the dynamic memory needs of applications. Many do not consider the security of I/O operations, and those that do, expand the Trusted Computing Base (TCB) significantly, weakening the TEE. We present TESLA, a novel TEE architecture designed to natively support the execution of unmodified legacy applications on embedded systems. TESLA introduces Fluid Enclaves, which dynamically adjust enclave sizes based on the application’s runtime memory requirements. To minimize system call overheads, TESLA introduces Enclave Windows that permit an untrusted Operating System temporary access to system call parameters within the enclave. TESLA also ensures confidentiality and integrity of I/O data exchanged between enclaves and peripherals. We have implemented a prototype of TESLA on a RISC-V processor running the Linux kernel, synthesizing it on an FPGA to demonstrate its feasibility. The evaluation quantifies the hardware and runtime performance overheads, demonstrating TESLA’s practicality and effectiveness in overcoming key limitations of existing TEEs. |
BibTeX
@article{tches-2025-35997,
  title={TESLA: Trusted Execution Support for Legacy Embedded Applications},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2025},
  pages={899-924},
  url={https://tches.iacr.org/index.php/TCHES/article/view/12433},
  doi={10.46586/tches.v2025.i4.899-924},
  author={Saltanat Firdous Allaqband and Asutosh Brahma and Sai Venkata Krishnan V and Arjun Menon and Chester Rebeiro},
  year=2025
}