This figure represents the overview of the proposed mechanism and its interaction with the existing IoT system. It is proposed that peripherals (such as keypad, sensor, and fingerprint scanner) are shipped to the IoT device manufacturer together with CBOR-encoded manifest files approved and signed by a trusted authority. The IoT device manufacturer can also use self-approved signed policies. This CBOR file defines the required resources and the IoT application needs to perform its normal operation. The IoT device is configured with the policies, and TEE-Watchdog enforces the policies to protect against any malicious behaviour by the third-party software in the TEE.