A Design and Verification Methodology for a TrustZone Trusted Execution Environment

Sun, Haiyong; Lei, Hang

doi:10.1109/access.2020.2974487

Cited by 8 publications

(2 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thanks to the TrustZone [10][11][12] support of the STM32MP157 microprocessor, our system protection solution is all encompassing and not limited to the CPU context. The architecture provides the bus and peripheral infrastructure to ensure that the secure world uses a fully secure pipeline to control secure peripherals.…”

Section: Introductionmentioning

confidence: 99%

STBEAT: Software Update on Trusted Environment Based on ARM TrustZone

et al. 2022

View full text Add to dashboard Cite

In recent years, since edge computing has become more and more popular, its security issues have become apparent and have received unprecedented attention. Thus, the current research concentrates on security not only regarding devices such as PCs, smartphones, tablets, and IoTs, but also the automobile industry. However, since attack vectors have become more sophisticated than ever, we cannot just protect the zone above the system software layer in a certain operating system, such as Linux, for example. In addition, the challenges in IoT devices, such as power consumption, performance efficiency, and authentication management, still need to be solved. Since most IoT devices are controlled remotely, the security regarding system maintenance and upgrades has become a big issue. Therefore, a mechanism that can maintain IoT devices within a trusted environment based on localhost or over-the-air (OTA) will be a viable solution. We propose a mechanism called STBEAT, integrating an open-source project with ARM TrustZone to solve the challenges of upgrading the IoT system and updating system files more safely. This paper focuses on the ARMv7 architecture and utilizes the security stack from TrustZone to OP-TEE under the STM32 board package, and finally obtains the security key from the trusted application, which is used to conduct the cryptographic operations and then install the newer image on the MMC interface. To sum up, we propose a novel software update strategy and integrated ARM TrustZone security extension to beef up the embedded ecosystem.

show abstract

Section: Introductionmentioning

confidence: 99%

STBEAT: Software Update on Trusted Environment Based on ARM TrustZone

et al. 2022

View full text Add to dashboard Cite

show abstract

“…However, cloud-based services suffer from the lack of a mechanism to protect their software from the privileged software controlled by the cloud platform provider, which means that they have to trust the cloud platform not to leak, corrupt, or misuse their secrets. CPU vendors have released powerful hardware-based protection mechanisms called trusted execution environments (TEEs) [6][7][8] to address this. TEE ensures the integrity and confidentiality of the encrypted memory region and provides a trusted computing base (TCB) to launch a secure execution environment from the untrusted part of the system.…”

Section: Introductionmentioning

confidence: 99%

An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls

Kim

2021

Applied Sciences

View full text Add to dashboard Cite

A recent innovation in the trusted execution environment (TEE) technologies enables the delegation of privacy-preserving computation to the cloud system. In particular, Intel SGX, an extension of x86 instruction set architecture (ISA), accelerates this trend by offering hardware-protected isolation with near-native performance. However, SGX inherently suffers from performance degradation depending on the workload characteristics due to the hardware restriction and design decisions that primarily concern the security guarantee. The system-level optimizations on SGX runtime and kernel module have been proposed to resolve this, but they cannot effectively reflect application-specific characteristics that largely impact the performance of legacy SGX applications. This work presents an optimization strategy to achieve application-level optimization by utilizing asynchronous switchless calls to reduce enclave transition, one of the dominant overheads of using SGX. Based on the systematic analysis, our methodology examines the performance benefit for each enclave transition wrapper and selectively applies switchless calls without modifying the legacy codebases. The evaluation shows that our optimization strategy successfully improves the end-to-end performance of our showcasing application, an SGX-enabled network middlebox.

show abstract

Research on Security Control Mechanism of Power Distribution IoT Based on Trusted Computing

Sun¹,

Li²,

Zhou

et al. 2020

J. Phys.: Conf. Ser.

View full text Add to dashboard Cite

Performing an in-depth study on the Power Internet of Things (IoT), it is known that the distribution network faces higher security risks due to a large number of terminals, various types of equipment, and the flexible access of each device to the distribution network structure and dynamic boundary. Therefore, it is urgent to make significant research on the security control mechanism for the power distribution Internet of Things, to realize the safe access of IoT devices in the Power IoT. Firstly, this paper analyses the shortage of power system security under the background of the IoT. Secondly, trusted computing technology is represented by the TrustZone and is deeply studied, and the feasibility of its application for the security of power distribution IoT is analyzed. Furthermore, the TrustZone-based security management and control architecture for power distribution novel IoT equipment is proposed, and its integrity measurement and trusted network connection process are analyzed. Finally, the security of this architecture is analyzed briefly.

show abstract

A Design and Verification Methodology for a TrustZone Trusted Execution Environment

Cited by 8 publications

References 35 publications

STBEAT: Software Update on Trusted Environment Based on ARM TrustZone

STBEAT: Software Update on Trusted Environment Based on ARM TrustZone

An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls

Research on Security Control Mechanism of Power Distribution IoT Based on Trusted Computing

Contact Info

Product

Resources

About