BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

In this paper, we propose BiTDB, a built-in Trusted Execution Environment (TEE) database for embedded systems, to realize higher system availability while ensuring data confidentiality. With BiTDB, dilemmas that the state-of-the-art research work on secure embedded databases has to face can be significantly reduced and eliminated, including (i) complicated research and realization on searchable encryption algorithms (SEA), (ii) limited support to all database operations, and (iii) almost none of specific design and optimizations toward build-in TEE embedded databases. Through BiTDB, all database operations can process plaintext in TEE instead of retrieving ciphertext by developing complicated SEAs. To enable BiTDB to handle database files in Rich Execution Environment (REE) as local ones, we extend the TEE OS with generic file I/O libraries. Then, we contribute three critical optimizations to significantly reduce redundant memory and file operations between TEE and REE, and BiTDB achieve better system performance and availability in embedded systems. Finally, we have implemented the prototype system based on OP-TEE and SQLite for several typical platforms, including virtualization and hardware environments. The TPC-H test shows BiTDB can achieve 85% (on average) of the original database performance while guaranteeing data confidentiality and integrity. Our project repository is at https://github.com/CharlieMCY/BiTDB .