TZ-DATASHIELD: Automated Data Protection for Embedded Systems via Data-Flow-Based Compartmentalization
Zelun Kong
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Trusted Hardware and Execution
Microcontroller Units (MCUs) form the backbone of countless critical embedded systems, from healthcare devices and industrial automation to autonomous vehicles. Despite their pervasive use in sensitive applications, the software running on these MCUs frequently lacks robust security mechanisms, leaving them highly vulnerable to sophisticated attacks. These vulnerabilities can lead to the compromise of sensitive data—whether it's private sensor readings or critical actuator commands—threatening both the confidentiality and integrity of the system. The TZ-DATASHIELD framework, presented by Zelun Kong at the NDSS Symposium, offers an innovative, automated solution to this pressing problem.
AI review
Solid academic systems-security paper dressed as a conference talk. The SDF-based compartmentalization using backward/forward slicing on TrustZone-M is a genuine technical contribution with real evaluation numbers, but this is NDSS paper material — competent and reproducible, not paradigm-shifting. The 80% address-space reduction and 90% ROP gadget reduction sound impressive until you ask hard questions about the threat model and annotation burden.