StreamBox-TZ: A Secure IoT Analytics Engine at the Edge

08/02/2018
by Heejin Park, et al.

We present StreamBox-TZ, a stream analytics engine for an edge platform. StreamBox-TZ offers strong data security, verifiable results, and compelling performance. StreamBox-TZ isolates the data and its computations in a trusted execution environment (TEE) on the edge, shielding them from the remaining edge software stack which we deem untrusted. StreamBox-TZ addresses two major challenges: (1) executing high-throughput, low-delay stream analytics in a single TEE, which is constrained by a low trusted computing base (TCB) and limited physical memory; (2) verifying execution of stream analytics as the execution involves untrusted software components on the edge. StreamBox-TZ contributes a data plane designed and optimized for a TEE on the edge. It supports continuous remote attestation for analytics correctness and result freshness while incurring low network bandwidth overhead. Built on ARM TrustZone, StreamBox-TZ only adds 42.5 KB executable to the trusted computing base (16 events up to 140 MB/sec (12M events/sec) with sub-second delay, outperforming popular engines by one order of magnitude in throughput. The overhead incurred by StreamBox-TZ's security mechanism is less than 25
