Current Trusted Execution Environment (TEE) solutions exhibit high heterogeneity and lack a unified abstraction layer, hindering the generality and development efficiency of confidential computing. Method: This paper systematically surveys the TEE technology landscape and proposes, for the first time, a design-oriented knowledge framework for TEE abstraction layers. Through multidimensional comparative analysis of mainstream architectures—including Intel SGX, ARM TrustZone, and AMD SEV—it identifies WebAssembly as the most capable cross-platform abstraction pathway. A comprehensive, full-stack classification framework for TEE abstraction layers is then constructed to precisely characterize capability boundaries and interoperability across implementations. Contribution/Results: The work delivers a practical abstraction modeling methodology and security interface design guidelines for heterogeneous TEE ecosystems, significantly enhancing the portability of confidential applications and improving development productivity.

Trusted Execution Environments (TEEs) protect sensitive code and data from the operating system, hypervisor, or other untrusted software. Different solutions exist, each proposing different features. Abstraction layers aim to unify the ecosystem, allowing application developers and system administrators to leverage confidential computing as broadly and efficiently as possible. We start with an overview of representative available TEE technologies. We describe and summarize each TEE ecosystem, classifying them in different categories depending on their main design choices. Then, we propose a systematization of knowledge focusing on different abstraction layers around each design choice. We describe the underlying technologies of each design, as well as the inner workings and features of each abstraction layer. Our study reveals opportunities for improving existing abstraction layer solutions. It also highlights WebAssembly, a promising approach that supports the largest set of features. We close with a discussion on future directions for research, such as how future abstraction layers may evolve and integrate with the confidential computing ecosystem.