Formal Verification of a Trusted Execution Environment-Based Architecture for IoT Applications

Abstract

The Internet-of-Things (IoT) scenarios commonly present security and privacy concerns, either due to the processing constraints of devices or the employment of external servers to process and store data, for instance, in cloud-based IoT applications. In this sense, to protect data and decrease user distrust in external entities, security technologies are of utmost importance. Trusted execution environments (TEEs), which process data in an isolated and protected region of memory, are among these technologies. We focus on a trusted architecture solution based on the use of TEEs and the application of authentication, authorization, and encryption mechanisms to protect data in IoT applications. We specified the trusted IoT architecture (TIoTA) using hierarchical colored Petri nets, and performed simulations and model checking of key security properties related to desired and prohibited behaviors, enabling model-based testing. This article enhances the state of the art by providing project artifacts (e.g., executable and parametric models) for correctly implementing the TIoTA and by presenting evidence that the usage of the architecture can improve security and privacy.