DOI: 10.1145/3313808.3313810
Research article

TEEv: virtualizing trusted execution environments on mobile platforms

Published: 14 April 2019

Abstract

Trusted Execution Environments (TEEs) are widely deployed, especially on smartphones. A recent trend in TEE development is the transition from vendor-controlled, single-purpose TEEs to open TEEs that host Trusted Applications (TAs) from multiple sources with independent tasks. This transition is expected to create the TA ecosystem needed to provide stronger and customized security to the apps and OS running in the Rich Execution Environment (REE). However, the transition also poses two security challenges: an enlarged attack surface resulting from the increased complexity of TAs and TEEs, and the lack of trust (or isolation) among TAs and the TEE.
In this paper, we first present a comprehensive analysis of recent TEE-related CVEs and of the need for a multiple-TEE scheme. We then propose TEEv, a TEE virtualization architecture that supports multiple isolated, restricted TEE instances (i.e., vTEEs) running concurrently. Relying on a tiny hypervisor (which we call TEE-visor), TEEv allows TEE instances from different vendors to run in isolation on the same smartphone and to host their own TAs. Therefore, a compromised vTEE cannot affect its peers or the REE, and TAs no longer have to run in untrusted or unsuitable TEEs. We have implemented TEEv on a development board and on a real smartphone, which runs multiple commercial TEE instances from different vendors with very little porting effort. Our evaluation results show that TEEv isolates vTEEs and defends against all known attacks on TEEs with only mild performance overhead.
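To make the isolation property claimed above concrete, the following is an added Python model, not TEEv's own code (the page shows none): a hypothetical page-ownership table of the kind a hypervisor enforces through second-stage address translation, with the domain names, page layout and method names assumed for illustration.

```python
# Added illustrative model, NOT TEEv's implementation: a hypervisor-held
# page-ownership table enforcing the isolation the abstract claims, i.e. a
# compromised vTEE cannot touch its peers, the REE or the hypervisor.
# Domain names, page layout and method names are hypothetical.
class IsolationViolation(Exception):
    """Raised when a domain acts on a page it does not own."""

class TeeVisorModel:
    def __init__(self, page_count):
        self.owner = {p: None for p in range(page_count)}  # exactly one owner per page
        self.audit = []  # (op, requester, page, verdict) tuples, a feed for detection

    def assign(self, page, domain):
        """Boot-time carve-out: hand an unowned page to a domain."""
        if self.owner[page] is not None:
            raise IsolationViolation(f"page {page} already owned by {self.owner[page]}")
        self.owner[page] = domain

    def request_map(self, requester, page):
        """A guest asks to map a physical page; the hypervisor, which controls the
        second translation stage, allows it only for pages the guest owns."""
        ok = self.owner.get(page) == requester
        self.audit.append(("map", requester, page, "ALLOW" if ok else "DENY"))
        return ok

    def transfer(self, caller, page, new_owner):
        """Ownership hand-over (e.g. a buffer shared with the REE): only the
        current owner may give a page away, so a peer cannot pull it across."""
        if self.owner.get(page) != caller:
            self.audit.append(("transfer", caller, page, "DENY"))
            raise IsolationViolation(f"{caller} does not own page {page}")
        self.owner[page] = new_owner
        self.audit.append(("transfer", caller, page, "ALLOW"))

def compromised_vtee_scenario():
    """Constructed scenario: vTEE0 is compromised and probes every other domain."""
    hv = TeeVisorModel(8)
    layout = {"REE": (0, 1), "vTEE0": (2, 3), "vTEE1": (4, 5), "TEE-visor": (6, 7)}
    for dom, pages in layout.items():
        for p in pages:
            hv.assign(p, dom)
    maps = {dom: hv.request_map("vTEE0", pages[0]) for dom, pages in layout.items()}
    hv.transfer("vTEE1", 5, "REE")        # legitimate share by the page's owner
    try:
        hv.transfer("vTEE0", 4, "vTEE0")  # vTEE0 tries to grab vTEE1's page
        grabbed = True
    except IsolationViolation:
        grabbed = False
    return maps, grabbed, hv
```

Every denied request lands in the audit list, which is the signal a defender would forward to the REE-side monitoring rather than silently dropping.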



Published In

VEE 2019: Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
April 2019, 206 pages
ISBN: 9781450360203
DOI: 10.1145/3313808
General Chair: Jennifer Sartor
Program Chairs: Mayur Naik, Chris Rossbach

Publisher

Association for Computing Machinery, New York, NY, United States

Badges

• Best Paper

Author Tags

1. Mobile security
2. TEE
3. TrustZone
4. Virtualization

Conference

VEE '19

Acceptance Rates

Overall Acceptance Rate 80 of 235 submissions, 34%
