PrivateZone: Providing a Private Execution Environment Using ARM TrustZone

Jang, Daehee; Choi, Changho; Lee, Jae-Hyuk; Kwak, Nohyun; Lee, Seongman; Choi, Yoojin; Kang, Brent Byunghoon

doi:10.1109/tdsc.2016.2622261

Cited by 40 publications

(32 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Not in the cloud context but in the environment of a untrusted OS, Ink-Tag [36] aims at the integration of high-assurance processes using virtualization technology. Recently, Jang et al [37] proposed Pri-vateZone, a system very similar to our TrApps. While they also support small trusted components, their system comprises a larger TCB than our TrApps and requires hardware supporting the ARM virtualisation technology.…”

Section: Related Workmentioning

confidence: 99%

TrApps

Brenner

Goltzsche

Kapitza

2017

Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures

View full text Add to dashboard Cite

The cloud computing paradigm enables the flexible and scalable outsourcing of workloads. However, cloud customers are often reluctant to entrust their sensitive data with cloud providers. This is due to the fact that the infrastructure is owned by another company and a resulting loss of control. With the recent advent of powerful ARM hardware targeted for data centres, there is the opportunity of using trusted execution technology provided by ARM TrustZone to enhance the protection of cloud customer's data. In this paper we propose TrApps, a secure platform for generalpurpose trusted execution in an untrusted cloud with multiple isolated tenants based on the ARM TrustZone technology. Our system targets the parallel execution of partitioned applications of distinct tenants with lean security-sensitive components, and is based on a minimal trusted code base in the secure world of ARM TrustZone when compared to similar systems. In our evaluation we show the feasibility of our approach, and demonstrate its performance with trusted execution of memcached with an overhead of only 36.9% compared to the vanilla implementation and execution.

show abstract

Section: Related Workmentioning

confidence: 99%

TrApps

Brenner

Goltzsche

Kapitza

2017

Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures

View full text Add to dashboard Cite

show abstract

“…TrustZone is also utilized to host OTP [17], remote attestation [18], security monitors [19], [20], memory forensic framework [21], stealthy debugger [22] and an architecture for provisioning credentials [23] in the TEE. In addition, TrustZone components are analyzed in-depth and leveraged to realize the TEE virtualization [24], [25].…”

Section: Trustzone Service Invocation and Vulnerabilitymentioning

confidence: 99%

Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection

Jang

Kang

2020

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

ARM TrustZone provides a Trusted Execution Environment (TEE) to isolate security-critical services, which are generally invoked from the Rich Execution Environment (REE) through a communication channel established by executing the Secure Monitor Call (SMC) with the general registers configured as input parameters. Unfortunately, the communication channel has been abused by adversaries to incur misbehavior of the TEE, to analyze the internal working of the TEE, and to exploit its vulnerabilities. We therefore propose the TEE defense (TFence) framework that enables the creation of a partially privileged (par-priv) process, which benefits from the coordination of the system mode and virtualization extension. More specifically, on ARM architecture, direct invocation of hypercall and SMC is not allowed in the user process; however, we limitedly escalate the privilege of the process to enable it to directly communicate with trust anchors such as hypervisor and TrustZone. This approach enabled us to remove the kernel dependency when the process communicates with the TEE, which also reduces the attack surface to the critical part of the application involved in the communication. Besides, direct communication with the hypervisor facilitates the adoption of application-shielding approaches to protect the critical part and to restrict arbitrary access to the TEE. Security area including OS kernel integrity monitor, trusted execution environment, hardware-assisted security, botnet malware defense, and DNS analytics. He is currently a member of the IEEE, the USENIX and the ACM.

show abstract

“…该方案通过动态改变 TrustZone 安全世界的边界范围为普通世界的应用提供隔离保护, 解决了现有 TrustZone 方案 TCB 过大的问题, 其思路是 TCB 只负责核心安全功能, 同时保障安全性和开放性. PrivateZone [35] 创建了一个介于 TEE 和 REE 之间的执行环境 PrEE, 它利用新的执行环境运行敏感应用, 通过对页表进行重写映射确保了 PrEE 的安全性, 解决了传统 TrustZone 方案在安全性和开放性方面的冲突. 第 2 种方式的代表性方案是 CaSE [36] , 该方案使用 TrustZone 和缓存作为 RAM 的技术创建了一个基于缓存的执行环境, 解决了 TrustZone 无法抵御冷启动攻击的问题.…”

Section: 移动可信计算体系结构unclassified