
PrivateZone: Providing a Private Execution Environment Using ARM TrustZone

Published: 01 September 2018

Abstract

ARM TrustZone is widely used to provide a Trusted Execution Environment (TEE) for mobile devices. However, the use of TrustZone is limited because TrustZone resources are available only to some pre-authorized applications. In other words, only alliances of TrustZone OS vendors and device manufacturers can use TrustZone to secure their services. To help overcome this problem, we designed the PrivateZone framework to enable individual developers to utilize TrustZone resources. Using PrivateZone, developers can run Security Critical Logics (SCLs) in a Private Execution Environment (PrEE). The advantage of PrivateZone is that it leverages TrustZone resources without undermining the security of existing services in the TEE. To guarantee this, PrivateZone creates a PrEE from a memory region that is isolated from both the Rich Execution Environment (REE) and the TEE. In this paper, we describe the design and implementation of PrivateZone. The prototype of PrivateZone was implemented on an Arndale board with a Cortex-A15 dual-core processor. We built PrivateZone using both the security and virtualization extensions of the ARM architecture. To illustrate the usage and efficacy of PrivateZone, we developed an Android application based on the PrivateZone framework and evaluated the performance overhead imposed on the OS in the REE and on SCLs in the PrEE.
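The guarantee at the centre of the abstract, that PrEE memory is reachable from neither the REE nor the TEE, reduces on the normal-world side to what the hypervisor lets each domain's stage-2 (guest-physical to physical) page table reference. The model below is an added example, not code from the paper or its Arndale prototype: the physical memory map, the domain names, the SHARED message buffer, 4 KiB-only pages and the `map_pages`/`translate` API are illustrative assumptions. It models only the normal-world (stage-2) side of the isolation; the secure world's access to memory is governed by the TrustZone security extensions, which the model does not represent.

```python
"""
Added model (not the PrivateZone paper's code) of the memory-isolation rule a
PrivateZone-style hypervisor enforces with the ARM virtualization extensions:
each normal-world domain (REE or PrEE) runs under its own stage-2 page table,
and the hypervisor rejects any guest-physical mapping that would reach memory
owned by another domain, the hypervisor itself, or the secure world (TEE).
Addresses, region sizes and the API below are illustrative assumptions.
"""
from dataclasses import dataclass

PAGE = 0x1000  # assumption: 4 KiB pages only, no block mappings


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    size: int

    @property
    def end(self) -> int:
        return self.start + self.size

    def contains(self, pa: int) -> bool:
        return self.start <= pa < self.end


# Constructed physical memory map (assumption, not the Arndale board's layout).
REE_DRAM = Region("REE", 0x4000_0000, 0x3000_0000)
SHARED = Region("SHARED", 0x7000_0000, 0x0010_0000)   # REE<->PrEE message buffer
HYP = Region("HYP", 0x7100_0000, 0x0100_0000)          # hypervisor code and data
PREE = Region("PrEE", 0x7200_0000, 0x0100_0000)        # PrivateZone PrEE memory
TEE = Region("TEE", 0x7300_0000, 0x0100_0000)          # secure-world memory
ALL_REGIONS = (REE_DRAM, SHARED, HYP, PREE, TEE)

# Which physical regions each domain's stage-2 table may reference.
ALLOWED = {
    "REE": (REE_DRAM, SHARED),
    "PrEE": (PREE, SHARED),
}


class Stage2Violation(Exception):
    """Raised when a trapped stage-2 update would break domain isolation."""


class Stage2Table:
    """Hypervisor-owned stage-2 table for one normal-world domain."""

    def __init__(self, domain: str):
        if domain not in ALLOWED:
            raise ValueError(f"unknown domain {domain!r}")
        self.domain = domain
        self.entries: dict[int, int] = {}  # guest-physical page -> physical page

    def map_pages(self, gpa: int, pa: int, npages: int = 1) -> None:
        """Validate and install a mapping; a request touching any forbidden
        page is rejected as a whole, so a partial mapping never lands."""
        if gpa % PAGE or pa % PAGE or npages < 1:
            raise Stage2Violation("unaligned or empty mapping request")
        pending = {}
        for i in range(npages):
            g, p = gpa + i * PAGE, pa + i * PAGE
            if not any(r.contains(p) for r in ALLOWED[self.domain]):
                owner = next((r.name for r in ALL_REGIONS if r.contains(p)), "unowned")
                raise Stage2Violation(f"{self.domain} may not map PA {p:#x} ({owner})")
            pending[g] = p
        self.entries.update(pending)

    def translate(self, gpa: int):
        """Physical address for a guest-physical address, or None if unmapped."""
        base = gpa - gpa % PAGE
        pa = self.entries.get(base)
        return None if pa is None else pa + (gpa - base)


def build_world() -> tuple[Stage2Table, Stage2Table]:
    """Create the REE and PrEE tables with their initial mappings."""
    ree = Stage2Table("REE")
    pree = Stage2Table("PrEE")
    # REE: identity-map the first 64 pages of its DRAM plus the shared buffer.
    ree.map_pages(REE_DRAM.start, REE_DRAM.start, 64)
    ree.map_pages(0x8000_0000, SHARED.start, 16)
    # PrEE: its private memory at a low guest address plus the same shared buffer.
    pree.map_pages(0x1000_0000, PREE.start, 64)
    pree.map_pages(0x2000_0000, SHARED.start, 16)
    return ree, pree


def ree_can_reach_pree(ree: Stage2Table) -> bool:
    """True if any REE stage-2 entry resolves into PrEE memory (must stay False)."""
    return any(PREE.contains(pa) for pa in ree.entries.values())


if __name__ == "__main__":
    ree, pree = build_world()
    assert not ree_can_reach_pree(ree)
    try:
        # A compromised REE kernel tries to map the PrEE's memory into its own space.
        ree.map_pages(0x9000_0000, PREE.start)
    except Stage2Violation as e:
        print("rejected:", e)
```

The point of the atomic check in `map_pages` is the edge case a real hypervisor must handle: a multi-page request whose last page strays into another domain must leave no entries behind, otherwise the REE could probe the boundary one page at a time. The same table object serves both domains, so the PrEE is prevented from mapping TEE or hypervisor memory by the same rule that keeps the REE out of the PrEE.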


Cited By

  • (2024) EdgePro: Edge Deep Learning Model Protection via Neuron Authorization. IEEE Transactions on Dependable and Secure Computing 21(5):4967-4981. https://doi.org/10.1109/TDSC.2024.3365730. Online publication date: 1 Sep 2024
  • (2024) Building a Lightweight Trusted Execution Environment for Arm GPUs. IEEE Transactions on Dependable and Secure Computing 21(4):3801-3816. https://doi.org/10.1109/TDSC.2023.3334277. Online publication date: 1 Jul 2024
  • (2023) LEAP: TrustZone Based Developer-Friendly TEE for Intelligent Mobile Apps. IEEE Transactions on Mobile Computing 22(12):7138-7155. https://doi.org/10.1109/TMC.2022.3207745. Online publication date: 1 Dec 2023
  • (2021) Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone. Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks, pp. 43-57. https://doi.org/10.1145/3465413.3488571. Online publication date: 19 Nov 2021
  • (2021) Decepticon: a Theoretical Framework to Counter Advanced Persistent Threats. Information Systems Frontiers 23(4):897-913. https://doi.org/10.1007/s10796-020-10087-4. Online publication date: 1 Aug 2021
  • (2020) Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Environments. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1001-1015. https://doi.org/10.1145/3372297.3417886. Online publication date: 30 Oct 2020
  • (2020) Research on Arm TrustZone and Understanding the Security Vulnerability in Its Cache Architecture. Security, Privacy, and Anonymity in Computation, Communication, and Storage, pp. 200-213. https://doi.org/10.1007/978-3-030-68851-6_14. Online publication date: 18 Dec 2020
  • (2019) Research on ARM TrustZone. GetMobile: Mobile Computing and Communications 22(3):17-22. https://doi.org/10.1145/3308755.3308761. Online publication date: 17 Jan 2019


Information

Published In

IEEE Transactions on Dependable and Secure Computing, Volume 15, Issue 5, September 2018, 21 pages

Publisher

IEEE Computer Society Press, Washington, DC, United States

Qualifiers

  • Research-article


