Abstract: ARM TrustZone technology is widely used to provide Trusted Execution Environments (TEE) for mobile devices. However, most TEE OSes are implemented as monolithic kernels. In such designs, device drivers, kernel services and kernel modules all run in the kernel, which results in a large kernel. In the monolithic kernel architecture it is difficult to guarantee that all components of the kernel are free of security vulnerabilities, such as the integer overflow vulnerability in Qualcomm QSEE TrustZone and th…
“…In contrast, the other isolated security world performs a small, trusted and secure operating system, as well as some advanced security management tasks developed by Trusted Application (TA). Within the TEE there can be TrustZone-based operating systems such as Qualcomm's QSEE [3], the open-source OPTEE [4], etc. that provide security services for security-sensitive applications.…”
With the rapid development of embedded technology and the increasing complexity of system functionality, there is a growing need for a trusted computing environment to ensure the security, integrity, and reliability of sensitive information. Systems must not only protect the security of sensitive application code but also ensure the isolation of its execution to prevent attacks and data theft. Traditional system protection relies on security mechanisms that run in the same address space and at the same privilege level as the kernel. However, this approach is not sufficiently secure, since an attacker who compromises the kernel can also compromise these security mechanisms. To achieve true protection of the kernel and critical data, security mechanisms need to be isolated from it. Therefore, building a trusted, isolated runtime environment in the system is crucial for system security. TrustZone technology, developed by ARM, is a system-level security isolation framework capable of defending against various potential attacks. This paper provides an overall overview of different security isolation technologies. By concentrating on the principles and characteristics of ARM TrustZone, the paper conducts an in-depth analysis of system security isolation technology based on TrustZone. Finally, considering the existing security issues in the field of trusted execution environments, the paper presents prospects for the future development of this technology.
“…HyperMI presents virtual machine protection, featuring security against compromised hypervisors by isolating guests in a secure execution environment [14]. MicroTEE designs a TEE on a microkernel software architecture with the necessary services for the application layer [15]. Ladjel et al. evaluate the use of TEE-based computing for personal data in a large number of participants [16].…”
The Trusted Execution Environment (TEE) offers a software platform for secure applications. The TEE provides a memory isolation scheme and software authentication from a high-privilege mode. The authentication procedure uses algorithms such as hashes and signatures to verify the application being secured. Although TEE hardware has been defined for memory isolation, the security algorithms themselves are often executed as software implementations. In this paper, a RISC-V system compatible with TEEs and featuring security algorithm accelerators is presented. The hardware accelerators implement the SHA-3 hash and the Ed25519 elliptic curve signature algorithms. TileLink is used for communication between the processor and the accelerators' registers. For the TEE boot, the software procedures are replaced with their accelerated counterparts. Compared to the software approach, a 2.5-decade increase in the throughput of the signature procedure is observed when using the SHA-3 acceleration on large chunks of data. The Ed25519 accelerator achieves 90% better execution times than its software counterpart.