ABSTRACT
The Trusted Execution Environment (TEE) has been widely used to protect security-sensitive sensing systems on Internet-of-Things (IoT) devices. In a TEE system, the hardware securely divides the execution environment into a normal domain and a higher-privileged secure domain, and the sensing systems execute in the secure domain. One common way to achieve this protection is to implement the sensitive functions of the sensing systems as trusted applications (TAs) in the well-isolated secure domain. Users in the rich OS have to call TAs through client applications (CAs), and the invocations must pass through the rich OS kernel. However, an untrusted rich OS may launch man-in-the-middle attacks on the communication between the CAs and TAs, and misuse of the cross-domain communication channel is becoming a severe threat to TEE systems. In this paper, we develop a defense system named TrustICT that constructs a lightweight trusted interaction channel between CAs and TAs without modifying the existing TEE architecture. The main idea is to block attacks on the cross-domain interactions by dynamically setting the access permission of the domain-shared memory: locking it from kernel mode and unlocking it only to legitimate CAs in user mode. In particular, we propose a multi-core scheduling strategy to defeat potential attacks from all privileged cores. Compared to existing cryptography-based methods, TrustICT dramatically reduces the system overhead, since it requires neither time-consuming cryptographic computation nor sophisticated real-time kernel protection. We implement a prototype of TrustICT on a Freescale i.MX6Quad platform with the OP-TEE software system and evaluate its impact on the rich OS and on the cross-domain transactions.
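The access policy the abstract describes, as an added illustrative model rather than TrustICT's or OP-TEE's own code: the domain-shared buffer stays locked to the rich OS kernel at all times, is unlocked only to the one CA that owns the open transaction and only on the core running it, and every other core is parked for the duration. The `shared_region` type, the `shm_*` functions, the CA ids and the four-core count are assumptions made for the example; how a real implementation toggles the permission (page tables, a TrustZone address space controller) is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative model of the policy in the abstract (added example, not
 * TrustICT's or OP-TEE's code). All names and constants are assumptions. */

enum mode { MODE_USER = 0, MODE_KERNEL = 1 };
#define NCORES 4
#define SHM_SIZE 64

typedef struct {
    bool locked;                 /* true: no normal-world access at all */
    uint32_t owner_ca;           /* CA id the region is unlocked to (0 = none) */
    int active_core;             /* core running the owning CA (-1 = none) */
    bool core_parked[NCORES];    /* parked cores may not touch the region */
    uint8_t data[SHM_SIZE];      /* the domain-shared buffer itself */
} shared_region;

/* Reset to the locked state: no owner, no cores parked. */
void shm_init(shared_region *r) {
    memset(r, 0, sizeof *r);
    r->locked = true;
    r->active_core = -1;
}

/* Secure side opens a transaction for CA `ca` running on `core`: park the
 * other cores first, then unlock the region to that CA only. Returns 0 on
 * success, -1 on a bad argument or an already-open transaction. */
int shm_begin(shared_region *r, uint32_t ca, int core) {
    if (ca == 0 || core < 0 || core >= NCORES || !r->locked) return -1;
    for (int i = 0; i < NCORES; i++) r->core_parked[i] = (i != core);
    r->active_core = core;
    r->owner_ca = ca;
    r->locked = false;
    return 0;
}

/* Secure side closes the transaction: scrub, relock, drop the owner, release cores. */
void shm_end(shared_region *r) {
    memset(r->data, 0, sizeof r->data);
    r->locked = true;
    r->owner_ca = 0;
    r->active_core = -1;
    for (int i = 0; i < NCORES; i++) r->core_parked[i] = false;
}

/* The policy check every normal-world access goes through. */
bool shm_access_allowed(const shared_region *r, enum mode m, uint32_t ca, int core) {
    if (core < 0 || core >= NCORES) return false;
    if (m == MODE_KERNEL) return false;        /* locked from kernel mode, always */
    if (r->locked) return false;               /* no transaction open */
    if (r->core_parked[core]) return false;    /* parked cores are refused */
    if (core != r->active_core) return false;
    return ca == r->owner_ca;                  /* only the legitimate CA */
}

/* Copy `n` bytes in; returns bytes written, or -1 if the policy refuses. */
int shm_write(shared_region *r, enum mode m, uint32_t ca, int core,
              const void *src, size_t n) {
    if (!shm_access_allowed(r, m, ca, core) || n > SHM_SIZE) return -1;
    memcpy(r->data, src, n);
    return (int)n;
}

/* Copy `n` bytes out; returns bytes read, or -1 if the policy refuses. */
int shm_read(const shared_region *r, enum mode m, uint32_t ca, int core,
             void *dst, size_t n) {
    if (!shm_access_allowed(r, m, ca, core) || n > SHM_SIZE) return -1;
    memcpy(dst, r->data, n);
    return (int)n;
}

/* Walk one transaction with constructed data and return how many of the
 * accesses the abstract worries about (rich OS kernel, another CA, a
 * different privileged core, access after relock) were refused: expected 4. */
int shm_demo(void) {
    shared_region r;
    uint8_t out[16];
    int refused = 0;
    shm_init(&r);
    if (shm_begin(&r, 7, 0) != 0) return -1;                        /* CA 7 on core 0 */
    if (shm_write(&r, MODE_USER, 7, 0, "constructed", 11) != 11) return -1;
    if (shm_read(&r, MODE_KERNEL, 7, 0, out, 11) < 0) refused++;    /* rich OS kernel */
    if (shm_read(&r, MODE_USER, 8, 0, out, 11) < 0) refused++;      /* another CA */
    if (shm_read(&r, MODE_USER, 7, 1, out, 11) < 0) refused++;      /* parked core */
    if (shm_read(&r, MODE_USER, 7, 0, out, 11) != 11) return -1;    /* legitimate CA */
    shm_end(&r);
    if (shm_read(&r, MODE_USER, 7, 0, out, 11) < 0) refused++;      /* after relock */
    return refused;
}
```

The kernel is refused unconditionally because, in the threat model of the abstract, it is the party that would relay or tamper with the request; parking the other cores closes the window in which a privileged core could read the unlocked buffer on behalf of a kernel running elsewhere.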
TrustICT: an efficient trusted interaction interface between isolated execution domains on ARM multi-core processors