SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment

Jang, Daehee; Kong, Sun June; Kim, Min Su; Kim, Dae Gyeong; Kang, Brent Byunghoon

doi:10.14722/ndss.2015.23189

Cited by 79 publications

(55 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Problem. As already presented in [5] [26], the communication channel between the CA and TA is vulnerable ( Figure 1). That is, adversaries can easily compromise the messages transferred to/from the TEE.…”

Section: Trustzone Service Invocation and Vulnerabilitymentioning

confidence: 72%

Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection

Jang

Kang

2020

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

ARM TrustZone provides a Trusted Execution Environment (TEE) to isolate security-critical services, which are generally invoked from the Rich Execution Environment (REE) through a communication channel established by executing the Secure Monitor Call (SMC) with the general registers configured as input parameters. Unfortunately, the communication channel has been abused by adversaries to incur misbehavior of the TEE, to analyze the internal working of the TEE, and to exploit its vulnerabilities. We therefore propose the TEE defense (TFence) framework that enables the creation of a partially privileged (par-priv) process, which benefits from the coordination of the system mode and virtualization extension. More specifically, on ARM architecture, direct invocation of hypercall and SMC is not allowed in the user process; however, we limitedly escalate the privilege of the process to enable it to directly communicate with trust anchors such as hypervisor and TrustZone. This approach enabled us to remove the kernel dependency when the process communicates with the TEE, which also reduces the attack surface to the critical part of the application involved in the communication. Besides, direct communication with the hypervisor facilitates the adoption of application-shielding approaches to protect the critical part and to restrict arbitrary access to the TEE. Security area including OS kernel integrity monitor, trusted execution environment, hardware-assisted security, botnet malware defense, and DNS analytics. He is currently a member of the IEEE, the USENIX and the ACM.

show abstract

Section: Trustzone Service Invocation and Vulnerabilitymentioning

confidence: 72%

Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection

Jang

Kang

2020

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…15 A tool with similar features is netperf. 16 Unlike the 14 Full compatibility with iperf would require substantial engineering efforts that we leave out of the scope of this work. 15 See footnote 6 16 See footnote 5 aforementioned tools, tcpdump 17 is a packet analyzer that captures TCP packets being sent or received over a network.…”

Section: Related Workmentioning

confidence: 99%

iperfTZ: Understanding Network Bottlenecks for TrustZone-Based Trusted Applications

Göttel¹,

Felber²,

Schiavoni³

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The growing availability of hardware-based trusted execution environments (TEEs) in commodity processors has recently advanced support (i.e., design, implementation and deployment frameworks) for network-based secure services. Examples of such TEEs include Arm TrustZone or Intel SGX, largely available in embedded, mobile and server-grade processors. TEEs shield services from compromised hosts, malicious users or powerful attackers. TEE-enabled devices are largely being deployed on the edge of the network, paving the way for large-scale deployments of trusted applications. These applications allow processing and disseminating sensitive data without having to trust cloud providers. However, uncovering network performance limitations of such trusted applications is difficult and currently lacking, despite the interest and reliance by developers and system deployers.iperfTZ is an open-source tool to uncover network performance bottlenecks rooted at the design and implementation of trusted applications for Arm TrustZone and underlying runtime systems. Our evaluation based on micro-benchmarks shows current trade-offs for trusted applications, both from a network as well as an energy perspective; an often overlooked yet relevant aspect for edge-based deployments.

show abstract

“…In the literature, we identify three models of communication: (1) GlobalPlatform TEE Client API [26]; (2) secure RPC (Remote Procedure Call) of Trusted Language Runtime [6]; and (3) real-time RPC of SafeG [27]. Secure inter-environment communication is proposed in [28].…”

Section: Tee Building Blocksmentioning

confidence: 99%

Trusted Execution Environment: What It is, and What It is Not

Sabt

Achemlal

Bouabdallah

2015

2015 IEEE Trustcom/BigDataSE/Ispa

402

186

View full text Add to dashboard Cite

Nowadays, there is a trend to design complex, yet secure systems. In this context, the Trusted Execution Environment (TEE) was designed to enrich the previously defined trusted platforms. TEE is commonly known as an isolated processing environment in which applications can be securely executed irrespective of the rest of the system. However, TEE still lacks a precise definition as well as representative building blocks that systematize its design. Existing definitions of TEE are largely inconsistent and unspecific, which leads to confusion in the use of the term and its differentiation from related concepts, such as secure execution environment (SEE). In this paper, we propose a precise definition of TEE and analyze its core properties. Furthermore, we discuss important concepts related to TEE, such as trust and formal verification. We give a short survey on the existing academic and industrial ARM TrustZone-based TEE, and compare them using our proposed definition. Finally, we discuss some known attacks on deployed TEE as well as its wide use to guarantee security in diverse applications.

show abstract

SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment

Cited by 79 publications

References 21 publications

Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection

Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection

iperfTZ: Understanding Network Bottlenecks for TrustZone-Based Trusted Applications

Trusted Execution Environment: What It is, and What It is Not

Contact Info

Product

Resources

About