Abstract

A Trusted Execution Environment (TEE) is an effective mechanism to protect sensitive data against adversaries in automotive systems. However, its strict isolation of the secure world from the normal world also restricts data sharing between trusted and normal applications, which is desired in many modern vehicles. We propose Mimer Trust, a solution based on Mimer SQL and Trustonic TEE, to achieve fine-grained access control and efficient data sharing between the two worlds. Our solution builds relational storage for the secure data in the TEE, which is originally stored as simple binary objects. We provide a high-level API to manipulate the secure data, and introduce SQL extensions that allow normal applications to access the TEE data with ordinary SQL statements and rich data types. Since all data access goes through the database server, privileges can be granted specifically to individual normal applications, which achieves fine-grained access control over the secure data. We also encrypt both the data and the data communication to protect the information. We explain our solution in detail, and show how it is integrated into embedded system development. We demonstrate our solution on real devices, and conclude that Mimer Trust can improve the efficiency of data sharing between the secure and the normal worlds, enrich embedded application scenarios, and reduce development costs in automotive systems.
