TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices

Sun, He; Sun, Kun; Wang, Yuewu; Jing, Jiwu; Wang, Haining

doi:10.1109/dsn.2015.11

Cited by 66 publications

(55 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Intel VT-x/AMD-v based [49] Intel TXT/AMD SVM based [50] Intel SGX based [20] System Management Mode (SMM) based [51] Coprocessor based [52], [53] TrustZone based [54] SoC-bound Execution…”

Section: Hardware-assisted Executionmentioning

confidence: 99%

“…To protect the wide spread of software vulnerabilities in applications and operating systems, hardware-assisted isolation has been widely adopted in both x86 and ARM processors [50], [51], [20], [15], [54]. On the other hand, physical memory disclosure attacks [16], [17] achieve complete memory exposure through a different attack vector.…”

Section: Related Workmentioning

confidence: 99%

“…A line of research on isolated execution environments [50], [70], [49], [71], [72], [27], [51], [73], [74], [75], [20], [54], [4], [10], [12], [9], [8], [7], [14], [76], [53], [52] has attracted much attention as security becomes one of the most important aspects in modern information systems. One of the key challenges is to bootstrap a trusted environment and to isolate it from the untrusted environment.…”

Section: A Isolated Executionmentioning

confidence: 99%

See 2 more Smart Citations

CaSE: Cache-Assisted Secure Execution on ARM Processors

Zhang

Sun

Lou

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

Recognizing the pressing demands to secure embedded applications, ARM TrustZone has been adopted in both academic research and commercial products to protect sensitive code and data in a privileged, isolated execution environment. However, the design of TrustZone cannot prevent physical memory disclosure attacks such as cold boot attack from gaining unrestricted read access to the sensitive contents in the dynamic random access memory (DRAM). A number of system-on-chip (SoC) bound execution solutions have been proposed to thaw the cold boot attack by storing sensitive data only in CPU registers, CPU cache or internal RAM. However, when the operating system, which is responsible for creating and maintaining the SoC-bound execution environment, is compromised, all the sensitive data is leaked.In this paper, we present the design and development of a cache-assisted secure execution framework, called CaSE, on ARM processors to defend against sophisticated attackers who can launch multi-vector attacks including software attacks and hardware memory disclosure attacks. CaSE utilizes TrustZone and Cache-as-RAM technique to create a cache-based isolated execution environment, which can protect both code and data of security-sensitive applications against the compromised OS and the cold boot attack. To protect the sensitive code and data against cold boot attack, applications are encrypted in memory and decrypted only within the processor for execution. The memory separation and the cache separation provided by TrustZone are used to protect the cached applications against compromised OS.We implement a prototype of CaSE on the i.MX53 running ARM Cortex-A8 processor. The experimental results show that CaSE incurs small impacts on system performance when executing cryptographic algorithms including AES, RSA, and SHA1.

show abstract

“…Intel VT-x/AMD-v based [49] Intel TXT/AMD SVM based [50] Intel SGX based [20] System Management Mode (SMM) based [51] Coprocessor based [52], [53] TrustZone based [54] SoC-bound Execution…”

Section: Hardware-assisted Executionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: A Isolated Executionmentioning

confidence: 99%

See 1 more Smart Citation

CaSE: Cache-Assisted Secure Execution on ARM Processors

Zhang

Sun

Lou

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

show abstract

“…SecReT (Jang et al 2015) mainly solves the establishment of secure communication between the Rich Execution Environment (REE) and Trust Execution Environment (TEE). ICE (Sun et al 2015b) runs the secure code in the non-secure domain by designing isolated secure environment to restrict the code size of TEE environment.…”

Section: Related Workmentioning

confidence: 99%

Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokes

et al. 2018

View full text Add to dashboard Cite

Third-party IME (Input Method Editor) apps are often the preference means of interaction for Android users' input. In this paper, we first discuss the insecurity of IME apps, including the Potentially Harmful Apps (PHAs) and malicious IME apps, which may leak users' sensitive keystrokes. The current defense system, such as I-BOX, is vulnerable to the prefix substitution attack and the colluding attack due to the post-IME nature. We provide a deeper understanding that all the designs with the post-IME nature are subject to the prefix-substitution and colluding attacks. To remedy the above post-IME system's flaws, we propose a new idea, pre-IME, which guarantees that "Is this touch event a sensitive keystroke?" analysis will always access user touch events prior to the execution of any IME app code. We design an innovative TrustZone-based framework named IM-Visor which has the pre-IME nature. Specifically, IM-Visor creates the isolation environment named STIE as soon as a user intends to type on a soft keyboard, then the STIE intercepts,Android event sub translates and analyzes the user's touch input. If the input is sensitive, the translation of keystrokes will be delivered to user apps through a trusted path. Otherwise, IM-Visor replays non-sensitive keystroke touch events for IME apps or replays non-keystroke touch events for other apps. A prototype of IM-Visor has been implemented and tested with several most popular IMEs. The experimental results show that IM-Visor has small runtime overheads.

show abstract

“…That is mainly to keep the TCB inside the secure world as small as possible. In TrustICE [50], the authors ensure isolation of a secure code in the normal world, called by the authors as isolated computing environment (ICE), through using a trusted domain controller (TDC) that resides in the secure world. To establish an ICE, a request is sent from the normal world and handled by the TDC, which in turn saves the status of the executing software (the Rich OS), configures the registers to prevent handling interrupts and after verifying the code integrity of the ICE saves it in a secure memory.…”

Section: Related Workmentioning

confidence: 99%

A framework for application partitioning using trusted execution environments

Atamli-Reineh

Paverd

Petracca

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

Summary The size and complexity of modern applications are the underlying causes of numerous security vulnerabilities. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (such as the operating system). New technologies, notably Intel's Software Guard Extensions (SGX), are becoming available to enhance the security of partitioned applications. SGX provides a trusted execution environment (TEE), called an enclave, that protects the integrity of the code and the confidentiality of the data inside it from other software, including the operating system (OS). However, even with these partitioning techniques, it is not immediately clear exactly how they can and should be used to partition applications. How should a particular application be partitioned? How many TEEs should be used? What granularity of partitioning should be applied? To some extent, this is dependent on the capabilities and performance of the partitioning technology in use. However, as partitioning becomes increasingly common, there is a need for systematisation in the design of partitioning schemes. To address this need, we present a novel framework consisting of four overarching types of partitioning schemes through which applications can make use of TEEs. These schemes range from coarse‐grained partitioning, in which the whole application is included in a single TEE, through to ultra‐fine partitioning, in which each piece of security‐sensitive code and data is protected in an individual TEE. Although partitioning schemes themselves are application specific, we establish application‐independent relationships between the types we have defined. Because these relationships have an impact on both the security and performance of the partitioning scheme, we envisage that our framework can be used by software architects to guide the design of application partitioning schemes. To demonstrate the applicability of our framework, we have carried out case studies on two widely used software packages, the Apache Web server and the OpenSSL library. In each case study, we provide four high‐level partitioning schemes—one for each of the types in our framework. We also systematically review the related work on hardware‐enforced partitioning by categorising previous research efforts according to our framework. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices

Cited by 66 publications

References 17 publications

CaSE: Cache-Assisted Secure Execution on ARM Processors

CaSE: Cache-Assisted Secure Execution on ARM Processors

Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokes

A framework for application partitioning using trusted execution environments

Contact Info

Product

Resources

About