WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone - Presentation slides

University of Neuchâtel
24 Mar 2023

  1. WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone
     Jämes Ménétrey, Marcelo Pasin, Pascal Felber, Valerio Schiavoni
     University of Neuchâtel, Switzerland
     July 10-13, 2022, 42nd IEEE International Conference on Distributed Computing Systems (ICDCS ’22), Bologna, Italy
  2. Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22
     Context
     • We process and store sensitive data on edge or IoT devices
     • Developers deploy applications on those systems and assume them to be trustworthy
     • How can we better protect deployed applications and systems?
     [Figure: the attack surface of your system, layered from hardware, firmware, premises and OS up through the software stack to your apps; developers deploy their apps onto the IoT devices from outside]
  3. Context (cont.)
     • One way to better secure applications and systems is to use Trusted Execution Environments (TEEs)
     • There are many TEE technologies; the most widespread on IoT devices is Arm TrustZone
     • TEEs isolate applications from the rest of the system
     [Figure: the same attack-surface stack (hardware, firmware, premises, OS, software stack, your apps)]
  4. Primer on Arm TrustZone
     • TrustZone splits the processor into two worlds: a normal world (apps, OS, hypervisor) and a secure world (trusted applications, secure OS)
     • A Trusted Application (TA) is isolated from the normal world
     • The amount of memory available in the TEE is limited, which keeps the trusted code base small and reduces the attack surface
     • We use OP-TEE, an open-source trusted OS
     [Figure: normal world (App, App, App / OS / Hypervisor) and secure world (TA, TA, TA / Secure OS) side by side above the Secure Monitor, with Hardware and Premises underneath; the two worlds communicate through the monitor]
  5. OP-TEE limitations and pitfalls
     • No POSIX API (e.g., printf), only the GlobalPlatform (GP) API ➡ hard to write new applications or migrate existing ones
     • SDK only available for the C programming language ➡ constrained development environment
     • TrustZone does not come with attestation ➡ lack of trust when deploying applications
  6. How to ease the development experience?
  7. Introduction to WebAssembly
     • WebAssembly (Wasm) is a standard for a lightweight bytecode format
     • A compilation target for most mainstream programming languages
     • Initially meant for the web, it can be used anywhere today
     • Includes the WebAssembly System Interface (WASI) for system interactions
     [Figure: a developer compiles with clang, cargo or tinygo to Wasm, which a WebAssembly runtime executes for the user. Image: Standardising WASI, Mozilla, 2020]
  8. RQ1: Challenges when embedding Wasm into TrustZone
     • Interoperability: leverage WASI to replace POSIX and deliver features bound to the TEE
     • Performance: execution of ahead-of-time compiled Wasm binaries
     [Figure: architecture. Normal world: an App and the OS, linked by RPC to the secure world. Secure world: a trusted app hosting the Wasm runtime, WASI and the Wasm app on top of the secure OS, reached through the GP API. The new parts are marked as contributions]
  9. RQ1: Results
     • Language agnostic: Wasm introduces an intermediate bytecode, so applications can be written in various programming languages
     • Abstraction: Wasm applications no longer depend on TEE-specific concerns
     • Sandbox: the hosted app and the secure OS are mutually distrusting; neither needs to trust the other
     [Figure: same architecture as slide 8]
  10. RQ1: Contributions
     • An embedded Wasm runtime in the TEE, called WaTZ, that abstracts TEE-specific concerns away from the hosted applications
     • An easy way to run applications in the TEE
     [Figure: the TrustZone architecture of slide 4 with WaTZ running as a TA in the secure world and hosting a Wasm App]
  11. RQ2: How to trust a remotely executed application?
  12. Attestation of applications
     • Attestation is a way to prove the trustworthiness of a piece of software
     • TEEs help to obtain such a proof, called evidence
     • Remote attestation provides this proof for remotely executed software
     • Remote attestation is present in many state-of-the-art TEEs, such as Intel SGX, but is missing from TrustZone
  13. Remote attestation primer
     [Figure: roles and messages of remote attestation]
     • Attester (TrustZone): measures its code, H(code), assembles the claims and issues the evidence
     • Verifier: receives the evidence and compares the claims against reference values ("reference values = ?")
     • Reference Value Provider: provisions the reference values to the verifier
     • Relying party: receives the results forwarded by the verifier and provisions confidential data to the attester once it is trusted
  14. RQ2: Trust remote execution of Wasm applications
     • Root of trust: a secret value, available only in the secure world, used for signing
     • Secure boot: the system cannot be booted without a signed bootloader and OS
     [Figure: boot chain. Starting from the root of trust in hardware, the firmware is verified, then the secure OS and the normal-world OS/hypervisor are verified before they start]
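The verified boot chain of this slide, as an added example in Go (not code from the slides or the WaTZ project): a root public key fused into the hardware verifies the firmware, the firmware's embedded key verifies the secure OS, and that key verifies the normal-world OS; one failed signature halts the boot at that stage. The stage names, the image layout (signature over image || next key), the Ed25519 keys and the `Stage`, `Boot`, `BuildChain` and `Tamper` names are constructed for the example and do not describe OP-TEE's real image format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link of the boot chain. Each image carries the public key that
// verifies the next stage, so trust flows forward from the key fused into the
// hardware; the signature over (image || next key) comes from the previous stage's
// key. This layout is an assumption of the example, not OP-TEE's image format.
type Stage struct {
	Name      string
	Image     []byte
	NextKey   ed25519.PublicKey
	Signature []byte
}

// digest is what gets signed: binding the next key to the image stops an attacker
// from keeping a genuine image but swapping in their own key for the later stages.
func digest(s Stage) []byte {
	h := sha256.Sum256(append(append([]byte{}, s.Image...), s.NextKey...))
	return h[:]
}

// Boot walks the chain from the hardware root-of-trust public key, starting each
// stage only after its signature checks out. It returns the stages that started;
// a failed check halts the boot right there (the slide's "cannot be booted
// without a signed bootloader and OS").
func Boot(rootPub ed25519.PublicKey, chain []Stage) ([]string, error) {
	key := rootPub
	var started []string
	for _, s := range chain {
		if !ed25519.Verify(key, digest(s), s.Signature) {
			return started, fmt.Errorf("%s: signature check failed, halting boot", s.Name)
		}
		started = append(started, s.Name)
		key = s.NextKey
	}
	return started, nil
}

// BuildChain does what a vendor's signing pipeline would: the root key signs the
// firmware, the firmware key signs the secure OS, the secure OS key signs the
// normal-world OS. It returns the root public key a device would have fused in.
// Images are constructed placeholders.
func BuildChain() (ed25519.PublicKey, []Stage, error) {
	names := []string{"firmware", "secure OS (OP-TEE)", "normal-world OS"}
	keys := make([]ed25519.PrivateKey, len(names)) // keys[0] is the root of trust
	for i := range keys {
		var err error
		if _, keys[i], err = ed25519.GenerateKey(rand.Reader); err != nil {
			return nil, nil, err
		}
	}
	chain := make([]Stage, len(names))
	for i, n := range names {
		chain[i] = Stage{Name: n, Image: []byte(n + " image bytes")}
		if i+1 < len(names) {
			chain[i].NextKey = keys[i+1].Public().(ed25519.PublicKey)
		}
		chain[i].Signature = ed25519.Sign(keys[i], digest(chain[i]))
	}
	return keys[0].Public().(ed25519.PublicKey), chain, nil
}

// Tamper returns a copy of the chain with one byte of the named stage's image
// flipped, as a corrupted update or a malicious OS image would do.
func Tamper(chain []Stage, name string) []Stage {
	out := append([]Stage(nil), chain...)
	for i := range out {
		if out[i].Name == name {
			out[i].Image = append([]byte{}, out[i].Image...)
			out[i].Image[0] ^= 0x01
		}
	}
	return out
}

func main() {
	rootPub, chain, err := BuildChain()
	if err != nil {
		panic(err)
	}
	for _, c := range []struct {
		label string
		chain []Stage
	}{{"clean chain", chain}, {"tampered normal-world OS", Tamper(chain, "normal-world OS")}} {
		started, err := Boot(rootPub, c.chain)
		fmt.Printf("%-26s started=%v err=%v\n", c.label, started, err)
	}
}
```

Running `main` boots the clean chain fully and stops the tampered one after the secure OS. A device with a different fused root key refuses even the firmware, which is the property that makes the later attestation signature meaningful: the root-of-trust key is only ever used by code that passed this chain.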
  15. RQ2: Protocol for remote attestation
     • Protocol: inspired by SIGMA and Intel SGX; it lets us authenticate remotely executing Wasm applications and detect genuine platforms
     [Figure: the IoT device hosts the Wasm runtime (TA) and the attestation service (secure OS); the cloud hosts the verifier with a certificate catalog]
     ① Challenge: the verifier (cloud) sends a challenge to the Wasm runtime (TA)
     ② Request signing: the runtime computes the code measurement over the Wasm bytecode and asks the attestation service (secure OS) to sign it
     ③ Send evidence: the attestation service returns the signed evidence to the runtime
     ④ Forward evidence: the runtime forwards the evidence to the verifier, which downloads the device certificate from its certificate catalog and extracts the public key to check the signature
     ⑤ Provision data: once the evidence is accepted, the verifier provisions data to the Wasm application
  16. RQ2: Contributions
     • The foundation to protect the platform and infer trust
     • A remote attestation protocol to establish trust with remote Wasm software
     [Figure: the architecture of slide 10 extended with the root of trust and verified boot (firmware, secure OS, OS), an attestation service in the secure OS, and a verifier in the cloud that provides trust assurance and data provisioning to the Wasm App]
  17. RQ3: What about performance?
  18. Wasm performance: micro-benchmarks
     • Polybench/C is a compiler performance benchmark
     • Polybench/C: slowdown of 1.34x compared to native
     Normalised run time (lower is better), native in the REE = 1. Columns: Wasm in the REE (WAMR) / Wasm in the TEE (WaTZ)
       2mm  1.14 / 1.13
       3mm  1.16 / 1.15
       adi  1.03 / 1.03
       ata  1.47 / 1.47
       bic  1.26 / 1.26
       cho  1.29 / 1.29
       cor  1.07 / 1.07
       cov  1.06 / 1.06
       der  1.15 / 1.14
       doi  1.25 / 1.24
       dur  1.49 / 1.49
       f2d  1.83 / 1.82
       flo  1.13 / 1.13
       gem  2.47 / 2.46
       ges  1.15 / 1.16
       gev  1.26 / 1.27
       gra  1.03 / 1.03
       h3d  1.47 / 1.47
       j1d  1.98 / 1.99
       j2d  1.77 / 1.76
       lu   1.1  / 1.1
       lud  1.27 / 1.27
       mvt  1.13 / 1.14
       nus  1.35 / 1.33
       s2d  1.12 / 1.12
       s2k  1.72 / 1.72
       sym  1.1  / 1.1
       syr  1.89 / 1.88
       tri  1.14 / 1.15
       trm  1.09 / 1.08
  19. Wasm performance: macro-benchmarks
     SQLite Speedtest1 benchmarks. Normalised run time (lower is better), native in the REE = 1. Columns: native in the TEE / Wasm in the REE (WAMR) / Wasm in the TEE (WaTZ), in the order of the slide legend
     Left chart:
       160  0.99 / 1.85 / 1.85
       161  0.98 / 1.88 / 1.87
       170  1.01 / 1.89 / 1.91
       320  0.99 / 1.96 / 1.94
       140  1.3  / 1.94 / 1.94
       145  1.14 / 1.98 / 1.96
       240  1.2  / 1.96 / 1.97
       142  1.18 / 1.96 / 1.97
       280  1.22 / 1.95 / 1.97
       310  1.18 / 1.99 / 2.03
       230  1.4  / 2.05 / 2.04
       150  1.38 / 2.01 / 2.06
       410  1.1  / 2.1  / 2.08
       260  0.96 / 2.09 / 2.09
       110  1.28 / 2.08 / 2.1
     Right chart:
       130  1    / 2.12 / 2.1
       100  1.3  / 2.11 / 2.11
       980  1.23 / 2.06 / 2.12
       250  1.62 / 2.14 / 2.13
       400  1.51 / 2.15 / 2.14
       270  1.34 / 2.14 / 2.18
       510  1.22 / 2.23 / 2.23
       120  1.5  / 2.22 / 2.24
       300  1.74 / 2.21 / 2.26
       210  1.27 / 2.2  / 2.26
       190  1.71 / 2.22 / 2.28
       180  1.7  / 2.23 / 2.28
       290  1.66 / 2.23 / 2.28
       990  1.28 / 2.32 / 2.3
       500  1.53 / 2.32 / 2.35
       520  1.78 / 2.52 / 2.54
     Slowdown factors called out on the slide: 2.1x, 1.31x, 1.01x, 1.62x, 2.12x
  20. Wasm attestation: benchmarks
     • We tested the remote attestation protocol using Genann, a neural network library
     • The Wasm application has access to an API to control the remote attestation process: handshake, collect_quote, send_quote and receive_data
     [Figure: the Wasm runtime running Genann calls handshake, collect_quote (served by the secure OS), send_quote and receive_data against the cloud verifier]
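The attestation flow of slides 13 and 15 and the four-call API of slide 20, as one added example in Go (not code from the slides or the WaTZ project): the verifier issues a challenge and a Diffie-Hellman share, the device measures the loaded Wasm bytecode and has its root-of-trust key sign the challenge, the measurement and both shares (the SIGMA idea), and the verifier checks the certificate catalog, the challenge, the signature and the reference measurement before deriving the key under which it would provision data. Everything concrete here is an assumption: the primitives (Ed25519 for the device key, X25519 and a SHA-256 hash in place of a real KDF), the names `Evidence`, `sigBody`, `sessionKey`, `collectQuote`, `Verifier`, `Handshake`, `Appraise` and `RunProtocol`, the device id `iot-0001` and the label `watz-evidence-v1`. The slide's `send_quote` corresponds to handing the evidence to `Appraise`, and `receive_data` is reduced to deriving the session key on the device; the encrypted payload itself is left out.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Evidence is what the secure-world attestation service signs: the verifier's
// challenge, the measurement of the Wasm bytecode and the device's X25519 share.
type Evidence struct {
	DeviceID    string
	Nonce       []byte
	Measurement [32]byte
	AttesterPub []byte
	Signature   []byte
}

// must aborts on CSPRNG failure: without fresh randomness nobody should attest.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sigBody binds challenge, measurement and both DH shares (SIGMA-style), so the
// signature is worthless outside this session; every part is fixed-length.
func sigBody(nonce []byte, m [32]byte, attPub, verPub []byte) []byte {
	h := sha256.Sum256(bytes.Join([][]byte{[]byte("watz-evidence-v1"), nonce, m[:], attPub, verPub}, nil))
	return h[:]
}

// sessionKey hashes the X25519 shared secret into the key that will protect the
// provisioned data (hashing stands in for a real KDF; an assumption of this example).
func sessionKey(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peer)
	k := sha256.Sum256(shared)
	return k[:], err
}

// collectQuote is steps 2-3 on the device: the runtime measures the loaded bytecode
// and the secure OS signs it with the root-of-trust key only the secure world holds.
func collectQuote(id string, rootKey ed25519.PrivateKey, wasm, nonce, verifierPub []byte) (*Evidence, *ecdh.PrivateKey) {
	dh := must(ecdh.X25519().GenerateKey(rand.Reader))
	ev := &Evidence{DeviceID: id, Nonce: nonce, Measurement: sha256.Sum256(wasm), AttesterPub: dh.PublicKey().Bytes()}
	ev.Signature = ed25519.Sign(rootKey, sigBody(nonce, ev.Measurement, ev.AttesterPub, verifierPub))
	return ev, dh
}

// Verifier models the cloud: a certificate catalog keyed by device id and the
// reference values, i.e. the measurements of approved Wasm applications.
type Verifier struct {
	Catalog    map[string]ed25519.PublicKey
	References map[[32]byte]bool
	nonce      []byte
	dh         *ecdh.PrivateKey
}

// Handshake is step 1: a fresh 256-bit challenge plus the verifier's DH share.
func (v *Verifier) Handshake() (nonce, pub []byte) {
	v.nonce = make([]byte, 32)
	must(rand.Read(v.nonce))
	v.dh = must(ecdh.X25519().GenerateKey(rand.Reader))
	return v.nonce, v.dh.PublicKey().Bytes()
}

// Appraise is step 4: device in the catalog, challenge ours, signature valid (genuine
// platform), measurement approved. Only then is the step-5 session key derived.
func (v *Verifier) Appraise(ev *Evidence) ([]byte, error) {
	pub, ok := v.Catalog[ev.DeviceID]
	switch {
	case !ok:
		return nil, errors.New("device not in certificate catalog")
	case !bytes.Equal(ev.Nonce, v.nonce):
		return nil, errors.New("stale or replayed evidence")
	case !ed25519.Verify(pub, sigBody(ev.Nonce, ev.Measurement, ev.AttesterPub, v.dh.PublicKey().Bytes()), ev.Signature):
		return nil, errors.New("bad signature: not a genuine platform")
	case !v.References[ev.Measurement]:
		return nil, errors.New("unknown measurement: Wasm application not approved")
	}
	return sessionKey(v.dh, ev.AttesterPub)
}

// RunProtocol wires both sides together: reference is the bytecode the verifier
// approved, loaded is what the device runs, genuine says whether the device signs with
// the certified key. On success both sides hold the same key for provisioning (step 5).
func RunProtocol(reference, loaded []byte, genuine bool) (deviceKey, cloudKey []byte, err error) {
	seed := make([]byte, ed25519.SeedSize)
	must(rand.Read(seed))
	devPriv := ed25519.NewKeyFromSeed(seed) // stands in for the device's fused attestation key
	v := &Verifier{Catalog: map[string]ed25519.PublicKey{"iot-0001": devPriv.Public().(ed25519.PublicKey)},
		References: map[[32]byte]bool{sha256.Sum256(reference): true}}
	if !genuine { // rogue device: signs with a key nobody certified (fixed zero seed)
		devPriv = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	}
	nonce, vpub := v.Handshake()
	ev, dh := collectQuote("iot-0001", devPriv, loaded, nonce, vpub)
	if cloudKey, err = v.Appraise(ev); err != nil {
		return nil, nil, err
	}
	deviceKey, err = sessionKey(dh, vpub)
	return deviceKey, cloudKey, err
}
```

Three runs show the checks: `RunProtocol(wasm, wasm, true)` yields the same key on both sides; a tampered module (`loaded` differing from `reference`) carries a valid signature but an unknown measurement and is refused; a rogue device with an uncertified key fails the signature check. The order of the checks in `Appraise` matters: the catalog lookup and the challenge comparison cost nothing and come first, the signature check authenticates the platform, and only a genuine platform's measurement is compared against the reference values, so a forged measurement from an uncertified device never reaches that step.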
  21. Wasm attestation: benchmarks
     Execution time of the functions handshake, collect_quote and send_quote:
       handshake       1.34 s
       collect_quote   239 ms
       send_quote      1 ms
       Baseline total  1.58 s
     Time taken by receive_data depending on the size of the provisioned data:
       Baseline   Data size   receive_data   Total
       1.58 s     0.1 MB      168 ms         1.75 s
       1.58 s     1 MB        209 ms         1.79 s
     [Figure: execution time of receive_data in more detail, time in ms (0 to 18, lower is better) against data size in MB (0.5 to 3.0), split into encrypt and decrypt]
  22. Thanks for your attention!
     Takeaway
     • WaTZ is a trusted WebAssembly runtime in TrustZone for edge and IoT devices, with sufficient performance for practical deployments
     • Applications compiled to WebAssembly do not need to be modified, as long as the system calls they use are covered by WASI
     • Remote attestation is supported thanks to additional hardware components and integration in the Wasm runtime
     • WaTZ is open-source, with all the instructions to reproduce the experiments
     Read me online!