Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

What You Trust Is Insecure: Demystifying How Developers (Mis)Use Trusted Execution Environments in Practice

Yuqing Niu, Jieke Shi, Ruidong Han, Ye Liu, Chengyan Ma, Yunbo Lyu, David Lo

TL;DR

This study provides the first large-scale, data-driven view of how developers actually use TEEs in practice, revealing a mismatch between theoretical security guarantees and real-world implementations. By analyzing 241 open-source projects across SGX and TrustZone, the authors show that IoT security dominates TEE usage, that many implementations re-create cryptographic primitives due to SDK usability gaps, and that a significant fraction of projects exhibit insecure practices. The work highlights practical usability gaps in TEE SDKs, proposes actionable implications for SDK designers and tooling, and suggests directions for safer, more accessible TEE development to better translate hardware isolation into trustworthy software.

Abstract

Trusted Execution Environments (TEEs), such as Intel SGX and ARM TrustZone, provide isolated regions of CPU and memory for secure computation and are increasingly used to protect sensitive data and code across diverse application domains. However, little is known about how developers actually use TEEs in practice. This paper presents the first large-scale empirical study of real-world TEE applications. We collected and analyzed 241 open-source projects from GitHub that utilize the two most widely-adopted TEEs, Intel SGX and ARM TrustZone. By combining manual inspection with customized static analysis scripts, we examined their adoption contexts, usage patterns, and development practices across three phases. First, we categorized the projects into 8 application domains and identified trends in TEE adoption over time. We found that the dominant use case is IoT device security (30%), which contrasts sharply with prior academic focus on blockchain and cryptographic systems (7%), while AI model protection (12%) is rapidly emerging as a growing domain. Second, we analyzed how TEEs are integrated into software and observed that 32.4% of the projects reimplement cryptographic functionalities instead of using official SDK APIs, suggesting that current SDKs may have limited usability and portability to meet developers' practical needs. Third, we examined security practices through manual inspection and found that 25.3% (61 of 241) of the projects exhibit insecure coding behaviors when using TEEs, such as hardcoded secrets and missing input validation, which undermine their intended security guarantees. Our findings have important implications for improving the usability of TEE SDKs and supporting developers in trusted software development.

What You Trust Is Insecure: Demystifying How Developers (Mis)Use Trusted Execution Environments in Practice

TL;DR

This study provides the first large-scale, data-driven view of how developers actually use TEEs in practice, revealing a mismatch between theoretical security guarantees and real-world implementations. By analyzing 241 open-source projects across SGX and TrustZone, the authors show that IoT security dominates TEE usage, that many implementations re-create cryptographic primitives due to SDK usability gaps, and that a significant fraction of projects exhibit insecure practices. The work highlights practical usability gaps in TEE SDKs, proposes actionable implications for SDK designers and tooling, and suggests directions for safer, more accessible TEE development to better translate hardware isolation into trustworthy software.

Abstract

Trusted Execution Environments (TEEs), such as Intel SGX and ARM TrustZone, provide isolated regions of CPU and memory for secure computation and are increasingly used to protect sensitive data and code across diverse application domains. However, little is known about how developers actually use TEEs in practice. This paper presents the first large-scale empirical study of real-world TEE applications. We collected and analyzed 241 open-source projects from GitHub that utilize the two most widely-adopted TEEs, Intel SGX and ARM TrustZone. By combining manual inspection with customized static analysis scripts, we examined their adoption contexts, usage patterns, and development practices across three phases. First, we categorized the projects into 8 application domains and identified trends in TEE adoption over time. We found that the dominant use case is IoT device security (30%), which contrasts sharply with prior academic focus on blockchain and cryptographic systems (7%), while AI model protection (12%) is rapidly emerging as a growing domain. Second, we analyzed how TEEs are integrated into software and observed that 32.4% of the projects reimplement cryptographic functionalities instead of using official SDK APIs, suggesting that current SDKs may have limited usability and portability to meet developers' practical needs. Third, we examined security practices through manual inspection and found that 25.3% (61 of 241) of the projects exhibit insecure coding behaviors when using TEEs, such as hardcoded secrets and missing input validation, which undermine their intended security guarantees. Our findings have important implications for improving the usability of TEE SDKs and supporting developers in trusted software development.

Paper Structure

This paper contains 12 sections, 2 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Background & Related Work
  3. Trusted Execution Environments
  4. Research Landscape on TEE Usability and Adoption
  5. Data Collection & Labeling
  6. Empirical Results and Findings
  7. RQ1: In which domains are TEEs adopted in practice?
  8. RQ2: What are the prevailing patterns in TEE development?
  9. RQ3: What insecure practices and pitfalls are prevalent in real-world TEE projects?
  10. Discussion
  11. Threats to Validity
  12. Conclusion and Future Work

Figures (2)

  • Figure 1: Typical architecture of Trusted Execution Environments.
  • Figure 2: Cumulative growth of TEE projects by domain (2011-2025).