Definition
A Trusted Execution Environment (TEE) is a hardware-backed isolated execution environment within a device that provides confidentiality and integrity for code and data loaded into it. It runs alongside the main operating system but is logically and physically separated to prevent unauthorized access or modification by regular applications or even a compromised OS.
In privacy- and security-sensitive systems, a TEE is used to protect cryptographic keys, authentication logic, and critical parts of application code, including the components responsible for anonymizing image and video data.
Architecture and main components
TEE architectures typically rely on a split between a trusted world and a normal world. The trusted world hosts a minimal operating system and trusted applications, while the normal world runs a full-featured OS and regular applications.
- Trusted OS / Secure World - a small, hardened operating system running inside the TEE.
- Trusted Applications (TA) - security-sensitive components, such as crypto modules or anonymization logic.
- Normal OS / Rich OS - the main operating system running user applications.
- Secure Monitor - the mechanism for switching execution between the trusted and normal worlds.
- Hardware isolation features - CPU and SoC extensions providing memory and execution isolation.
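The following Go program is an added example, not code from the original page or from any TEE vendor; it models the split described above as a key-handling API. The trusted application (TrustedApp, KeyHandle and the Seal/Open names are hypothetical) generates and holds AES keys and only ever hands the normal world an opaque handle and ciphertext, so no key bytes cross the world boundary. In real hardware that boundary is enforced by the CPU and secure monitor; here it is only Go package scope, which is the assumption to keep in mind.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyHandle is all the normal world ever receives: an opaque identifier,
// never the key material itself.
type KeyHandle uint32

// TrustedApp models a trusted application in the secure world. The key
// table lives entirely on this side of the boundary (unexported field).
type TrustedApp struct {
	keys   map[KeyHandle][]byte
	nextID KeyHandle
}

func NewTrustedApp() *TrustedApp {
	return &TrustedApp{keys: make(map[KeyHandle][]byte), nextID: 1}
}

// GenerateKey creates a 256-bit AES key inside the TA and returns a handle.
func (ta *TrustedApp) GenerateKey() (KeyHandle, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return 0, err
	}
	h := ta.nextID
	ta.nextID++
	ta.keys[h] = k
	return h, nil
}

// Seal encrypts plaintext under the key behind h with AES-256-GCM.
// Output layout: nonce || ciphertext || tag.
func (ta *TrustedApp) Seal(h KeyHandle, plaintext []byte) ([]byte, error) {
	aead, err := ta.aead(h)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a blob produced by Seal; any tampering fails the GCM tag check.
func (ta *TrustedApp) Open(h KeyHandle, sealed []byte) ([]byte, error) {
	aead, err := ta.aead(h)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed blob too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// aead resolves a handle to a cipher; unknown handles are rejected rather
// than leaking whether a key exists.
func (ta *TrustedApp) aead(h KeyHandle) (cipher.AEAD, error) {
	k, ok := ta.keys[h]
	if !ok {
		return nil, errors.New("unknown key handle")
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// main plays the normal world: it sees a handle and ciphertext only.
func main() {
	ta := NewTrustedApp()
	h, _ := ta.GenerateKey()
	sealed, _ := ta.Seal(h, []byte("constructed raw frame bytes"))
	fmt.Printf("normal world holds handle %d and %d sealed bytes\n", h, len(sealed))
	pt, err := ta.Open(h, sealed)
	fmt.Printf("open: %q err=%v\n", pt, err)
}
```

The normal-world code path can encrypt and decrypt frames, but has no accessor that returns the key, which is the property the architecture is meant to guarantee.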
Threat model and security properties
A TEE is designed to protect against adversaries who control or can compromise the normal operating system, while assuming that the hardware and low-level firmware remain trustworthy. The specific guarantees depend on the implementation and its certification level.
- Isolation of trusted code and data from normal-world applications and OS.
- Protection of cryptographic material and sensitive configuration data.
- Support for secure boot and measured boot chains to ensure trusted code execution.
- Remote attestation capabilities to prove TEE state to external verifiers.
- Partial or limited protection against physical and side-channel attacks, depending on platform design.
Key metrics and evaluation criteria
When assessing a TEE in the context of processing sensitive visual data, both security and performance characteristics must be considered. The table below presents typical criteria.
Metric | Description
--- | ---
Isolation strength | Level of separation between trusted and normal execution environments.
Performance overhead | Latency and throughput impact of running code in the TEE and switching context.
Crypto capabilities | Range of supported cryptographic primitives and secure key storage.
Trust model | Assumptions about hardware vendors, firmware, and the platform owner.
Updateability | Ability to securely update trusted firmware, OS, and applications.
Relevance to image and video anonymization
A TEE can be used to protect the most sensitive parts of an anonymization pipeline, especially where raw, non-anonymized footage is processed on edge devices or in on-premises infrastructure. Executing the anonymization logic inside a TEE can significantly reduce the risk of unauthorized access to identifiable visual data.
- Secure storage of encryption keys for video recordings and anonymized outputs.
- Running face, license plate, and object detection modules inside TEE to limit exposure of raw frames.
- Using TEE-based attestation to prove that footage has been processed by trusted anonymization code.
- Restricting privileged users from bypassing anonymization steps by enforcing policies at the TEE level.
- Supporting privacy-preserving edge processing where video never leaves the device in clear form.
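As an added example serving both the remote-attestation property listed under the threat model and the attestation use case above, the Go program below models a verifier checking that footage was processed by approved anonymization code. It is not code from the original page or from any TEE platform. Assumptions: the device signs reports with an Ed25519 attestation key whose public half the verifier already trusts; a report is measurement || nonce || report data, with report data set to the SHA-256 of the anonymized output; and the names Device, Verifier, Report and Quote are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is the evidence the TEE produces about its own state.
type Report struct {
	Measurement [32]byte // hash of the trusted anonymization code image
	Nonce       [32]byte // verifier-chosen freshness value
	ReportData  [32]byte // SHA-256 of the anonymized output, binding it to this run
}

// Bytes serializes the report as measurement || nonce || reportData.
func (r Report) Bytes() []byte {
	out := make([]byte, 0, 96)
	out = append(out, r.Measurement[:]...)
	out = append(out, r.Nonce[:]...)
	return append(out, r.ReportData[:]...)
}

// Quote is the report plus the device's signature over it.
type Quote struct {
	Report    Report
	Signature []byte
}

// Device models the TEE side: the attestation key and the measured code.
type Device struct {
	attKey      ed25519.PrivateKey
	measurement [32]byte
}

// Attest produces a quote binding the nonce and output hash to the measurement.
func (d *Device) Attest(nonce [32]byte, anonymizedOutput []byte) Quote {
	r := Report{Measurement: d.measurement, Nonce: nonce, ReportData: sha256.Sum256(anonymizedOutput)}
	return Quote{Report: r, Signature: ed25519.Sign(d.attKey, r.Bytes())}
}

// Verifier holds the trusted attestation public key and the allowlist of
// approved code measurements.
type Verifier struct {
	attPub  ed25519.PublicKey
	allowed map[[32]byte]string
}

// Verify checks signature, freshness, measurement and output binding, in that order.
func (v *Verifier) Verify(q Quote, expectedNonce [32]byte, output []byte) error {
	if !ed25519.Verify(v.attPub, q.Report.Bytes(), q.Signature) {
		return errors.New("signature invalid: quote not from a trusted device key")
	}
	if q.Report.Nonce != expectedNonce {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if _, ok := v.allowed[q.Report.Measurement]; !ok {
		return errors.New("measurement not on the approved-code allowlist")
	}
	if q.Report.ReportData != sha256.Sum256(output) {
		return errors.New("output is not the one bound in the quote")
	}
	return nil
}

// NewNonce draws a fresh 32-byte challenge on the verifier side.
func NewNonce() ([32]byte, error) {
	var n [32]byte
	_, err := rand.Read(n[:])
	return n, err
}

// NewDemo builds a constructed device/verifier pair: a fresh attestation
// key pair and one approved measurement (hash of a constructed code image).
func NewDemo() (*Device, *Verifier, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	m := sha256.Sum256([]byte("constructed anonymizer TA image v1"))
	dev := &Device{attKey: priv, measurement: m}
	ver := &Verifier{attPub: pub, allowed: map[[32]byte]string{m: "anonymizer-ta-v1"}}
	return dev, ver, nil
}

func main() {
	dev, ver, _ := NewDemo()
	nonce, _ := NewNonce()
	output := []byte("constructed anonymized frame bytes")
	q := dev.Attest(nonce, output)
	fmt.Println("genuine quote:", ver.Verify(q, nonce, output))
	fmt.Println("swapped output:", ver.Verify(q, nonce, []byte("other bytes")))
}
```

The order of checks matters operationally: signature first, so that everything after it is evaluated only on authentic evidence; nonce second, so that an old but genuine quote cannot be replayed; and the output hash last, so that a quote from approved code cannot be reused to vouch for footage it never processed.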
Challenges and limitations
Despite strong isolation guarantees, a TEE does not solve all security problems. Its real-world effectiveness depends on correct implementation, a rigorous update process, and integration with higher-level security controls.
- Limited memory and compute capacity inside TEE, which constrains ML model size and complexity.
- Potential vulnerabilities in firmware, bootloaders, or trusted OS implementations.
- Susceptibility to side-channel attacks if additional mitigations are not applied.
- Complexity of integrating TEE into existing software stacks and CI/CD pipelines.
- Difficulties in debugging and monitoring code running inside the trusted environment.