Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM

Cho, Yeongpil; Kwon, Donghyun; Yi, Hayoon; Paek, Yunheung

doi:10.14722/ndss.2017.23024

Cited by 9 publications

(3 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Not many studies focus on this approach due to less security provided. Related techniques proposed to enhance isolation for virtualization in ARM platforms [20,21]. Inter-privilege isolation: there are couple of techniques proposed to deploy isolation environment using ARM platform [22,23].…”

Section: Software-based Teementioning

confidence: 99%

The Trade-Off Between Performance and Security of Virtualized Trusted Execution Environment on Android

Doan¹,

Chau²,

Park³

et al. 2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

Nowadays, with the significant growth of the mobile market, security issues on the Android Operation System have also become an urgent matter. Trusted execution environment (TEE) technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security. However, for Android, TEE technologies still contain restrictions and limitations. The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE. Another issue of hardware-based TEE is the cross-platform problem. Since every mobile device supports different TEE vendors, it becomes an obstacle for developers to migrate their trusted applications to other Android devices. A software-based TEE solution is a potential approach that allows developers to customize, package and deliver the product efficiently. Motivated by that idea, this paper introduces a VTEE model, a software-based TEE solution, on Android devices. This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics: computing performance and security. The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on the Android environment. The security evaluation shows that adding the VTEE model to the existing Android does not add more security issues to the traditional design. Overall, this paper shows applicable solutions to adjust the balance between computing performance and security.

show abstract

Section: Software-based Teementioning

confidence: 99%

The Trade-Off Between Performance and Security of Virtualized Trusted Execution Environment on Android

Doan¹,

Chau²,

Park³

et al. 2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

show abstract

“…In general, address space separation using shadow page table is widely used, but significant overhead is inevitable due to the memory management unit (MMU) configurations and TLB maintenance [29]. In some research [34], [69], the overhead of context switching between a normal kernel execution environment and a trusted kernel execution environment is reduced by reserving an ASID for the trusted kernel execution environment. Unlike the previous research, however, we considered ASID management for trusted applications.…”

Section: Kernel Deprivilegingmentioning

confidence: 99%

“…For the entry gate, in SKEE [34], the authors suggested two solutions: 1) setting the kernel and secure kernel to use different translation table base registers (TTBR0 and TTBR1) respectively, and 2) using a zero register to update the TTBR register. In addition, Hilps [69] adjusted the virtual address range by updating a control register called the translation control register (TCR) at the entry and exit gates. In this case, the gates need to check whether the control register value is valid immediately after updating the register.…”

Section: )mentioning

confidence: 99%

SofTEE: Software-Based Trusted Execution Environment for User Applications

Lee

Park

2020

IEEE Access

View full text Add to dashboard Cite

Commodity operating systems are considered vulnerable. Therefore, when an application handles security-sensitive data, it is highly recommended to run the application in a trusted execution environment. In response to this demand, hardware-based trusted execution environments such as Intel SGX and ARM TrustZone have been developed in commodity computers. However, hardware-based approaches cannot be quickly upgraded to address design vulnerabilities or to reflect customer feedback. In this paper, we propose SofTEE, a software framework to support a trusted execution environment for user applications. For a trusted execution environment, SofTEE should support memory isolation and attestation. For memory isolation, SofTEE relies on kernel deprivileging which delegates the execution of privileged operations such as memory management, from a kernel to a special module called a security monitor. To reduce the overhead of switching between the deprivileged kernel and the security monitor, SofTEE proposes an efficient management mechanism of the address space identifier. SofTEE supports attestation by assuming minimal hardware functionalities of random entropy and root of trust. The main challenge of SofTEE is to guarantee security properties like confidentiality and integrity of security-sensitive applications. For security analysis, we have identified security invariants that SofTEE should meet for confidentiality and integrity guarantees. Based on the security invariants, we have designed and prototyped each component of SofTEE on a Raspberry Pi 3 board. SofTEE produces about 3% overhead in case of a security-sensitive application with long execution time and 23% overhead in case of a security-sensitive application with short execution time.

show abstract

KMO: Kernel Memory Observer to Identify Memory Corruption by Secret Inspection Mechanism

Kuzuno

Yamauchi

2019

Information Security Practice and Experience

View full text Add to dashboard Cite

Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM

Cited by 9 publications

References 31 publications

The Trade-Off Between Performance and Security of Virtualized Trusted Execution Environment on Android

The Trade-Off Between Performance and Security of Virtualized Trusted Execution Environment on Android

SofTEE: Software-Based Trusted Execution Environment for User Applications

KMO: Kernel Memory Observer to Identify Memory Corruption by Secret Inspection Mechanism

Contact Info

Product

Resources

About