TrustZone Explained: Architectural Features and Use Cases

Ngabonziza, Bernard; Martin, Daniel; Bailey, Anna; Cho, Haehyun; Martin, Sarah

doi:10.1109/cic.2016.065

Cited by 77 publications

(32 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Trusted nodes run inside a secure zone and have their own isolated local resources (similar to ARM Trust zone [9]). IPs 8, 9, 12 and 13 are used as trusted nodes (see Fig.…”

Section: B Threat Modelmentioning

confidence: 99%

“…In [8], the authors use cache partitioning to dedicate (parts of) caches for secure computation. The industry further advanced this concept by creating secure zones, also known as Trust Execution Environments (TEE), which isolate the sensitive tasks completely; examples are Arm Trust Zone [9], Intel SGX [10], and Sanctum (RISC-V distribution) enclave [11]. Recently, the authors in [12] and [13] have used machine learning techniques trained with high-performance counters to detect a specific set of cache access attacks, while the authors in [14] used attack models to build a lightweight hardware detector.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Guard-NoC: A Protection Against Side-Channel Attacks for MPSoCs

Reinbrecht

Aljuffri

Hamdioui

et al. 2020

2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)

View full text Add to dashboard Cite

Multi-Processor System-on-Chips (MPSoCs) are popular computational platforms for a wide variety of applications due to their energy efficiency and flexibility. Like many other platforms they are vulnerable to Side Channel Attacks (SCAs). In particular, Logical SCAs (LSCAs) are very powerful as sensitive information can be retrieved by simply observing system properties that depend on the victim's software execution on the MPSoC. Unfortunately, many of the current protection mechanisms are either platform dependent or are effective only against a reduced set of attacks. In this work, we present Guard-NoC, a secure Network-on-Chip (NoC) architecture able to protect MPSoCs against a wide variety of LSCAs. The secure NoC employs three application-independent strategies to hide and isolate sensitive information: i) blinding the execution time of operations; ii) masking the execution time of operations; and iii) dual communication strategy (i.e., use packet and circuit switching simultaneously). Our results show that our secure NoC is resilient against practical LSCAs and leaks almost no information while having a minimal area and power overhead.

show abstract

“…• Trusted nodes run inside a secure zone and have their own isolated local resources (similar to ARM Trust zone [9]). IPs 8, 9, 12 and 13 are used as trusted nodes (see Fig.…”

Section: B Threat Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Guard-NoC: A Protection Against Side-Channel Attacks for MPSoCs

Reinbrecht

Aljuffri

Hamdioui

et al. 2020

2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)

View full text Add to dashboard Cite

show abstract

“…For the iPhone, Apple introduced the SEP. Most Android phones either have a completely separate chip (i.e., Google's Titan M chip in the Pixel 3 and later) or implement the SP as a TEE using TrustZone, 9 an ARM-proprietary secure virtualized state of the application processor CPU.…”

Section: Mobile Phones As Secure Keystoresmentioning

confidence: 99%

The Identity in Everyone's Pocket

Vachon

2020

Queue

View full text Add to dashboard Cite

Newer phones use security features in many different ways and combinations. As with any security technology, however, using a feature incorrectly can create a false sense of security. As such, many app developers and service providers today do not use any of the secure identity-management facilities that modern phones offer. For those of you who fall into this camp, this article is meant to leave you with ideas about how to bring a hardware-backed and biometrics-based concept of user identity into your ecosystem.

show abstract

“…ARM TrustZone is a hardware security architecture that can be incorporated into ARMv7-A, ARMv8-A and ARMv8-M on-chip systems [12,15]. Although the underlying hardware design, features, and interfaces differ substantially to SGX, both essentially provide the same key concepts of hardware isolated execution domains and the ability to bootstrap attested software stacks into those enclaves [14].…”

Section: Related Workmentioning

confidence: 99%

Performance Principles for Trusted Computing with Intel SGX

Gjerdrum

Pettersen

Johansen

et al. 2018

Cloud Computing and Service Science

View full text Add to dashboard Cite

Cloud providers offering Software-as-a-Service (SaaS) are increasingly being trusted by customers to store sensitive data. Companies often monetize such personal data through curation and analysis, providing customers with personalized application experiences and targeted advertisements. Personal data is often accompanied by strict privacy and security policies, requiring data processing to be governed by nontrivial enforcement mechanisms. Moreover, to offset the cost of hosting the potentially large amounts of data privately, SaaS companies even employ Infrastructure-as-a-Service (IaaS) cloud providers not under the direct supervision of the administrative entity responsible for the data. Intel Software Guard Extensions (SGX) is a recent trusted computing technology that can mitigate some of these privacy and security concerns through the remote attestation of computations, establishing trust on hardware residing outside the administrative domain. This paper investigates and demonstrates the added cost of using SGX, and further argues that great care must be taken when designing system software in order to avoid the performance penalty incurred by trusted computing. We describe these costs and present eight specific principles that application authors should follow to increase the performance of their trusted computing systems.

show abstract

TrustZone Explained: Architectural Features and Use Cases

Cited by 77 publications

References 5 publications

Guard-NoC: A Protection Against Side-Channel Attacks for MPSoCs

Guard-NoC: A Protection Against Side-Channel Attacks for MPSoCs

The Identity in Everyone's Pocket

Performance Principles for Trusted Computing with Intel SGX

Contact Info

Product

Resources

About