TruZ-View

Ying, Kailiang; Thavai, Priyank; Du, Wenliang

doi:10.1145/3292006.3300035

Cited by 8 publications

(9 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For denial of service, although our threat model considers it out of scope as described in Section 2, we can still provide a notification mechanism that turns on an LED light to indicate that the secure world is displaying confidential images. Although we do not implement it in Rushmore, previous systems [33,68] do and show that it can be a functional solution.…”

Section: Security Analysismentioning

confidence: 94%

“…In other words, the normal world and the secure world use two separate display channels-the frame buffer (used by the normal world) and the overlay buffer (used by the secure world). Therefore, Rushmore does not need to make a pixel-wise copy of the normal world's content to display it unlike a technique used by previous systems [33,68].…”

Section: Rushmore Usage Modelmentioning

confidence: 99%

“…Although we cannot do apples-to-apples comparisons, our TCB size is comparable to previous systems that have used OP-TEE for their implementation. For example, VButton [34] reports additional 1.3K, TrustTokenF [69] reports additional 4.5K, and TruZ-View [68] reports additional 3.4K.…”

Section: Tcb Sizementioning

confidence: 99%

“…The normal world can only access its own memory regions and the buffer memory regions shared between the normal world and the secure world for passing image data and arguments. Confidentiality of User Input: Previous UI protection schemes [2,34,36,68] protect not only UI elements but also user input. However, Rushmore only focuses on securing images and does not provide user input security.…”

Section: Security Analysismentioning

confidence: 99%

“…while the secure world is displaying confidential animated images (e.g., a patient's fMRI animation). One can reduce the impact of this limitation by using a technique that existing approaches have used [33,68], where the secure world displays its content over a static "screenshot" (a pixel-wise copy) of the content displayed by the normal world. However, this technique still does not allow the normal world to actively display anything on the screen since the secure world still has exclusive access to the display hardware.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Rushmore

Park

Kim

Sidhwani

et al. 2021

Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services

View full text Add to dashboard Cite

We present Rushmore, a system that securely displays static or animated images using TrustZone. The core functionality of Rushmore is to securely decrypt and display encrypted images (sent by a trusted party) on a mobile device. Although previous approaches have shown that it is possible to securely display encrypted images using TrustZone, they exhibit a critical limitation that significantly hampers the applicability of using TrustZone for display security. The limitation is that, when the trusted domain of TrustZone (the secure world) takes control of the display, the untrusted domain (the normal world) cannot display anything simultaneously. This limitation comes from the fact that previous approaches give the secure world exclusive access to the display hardware to preserve security. With Rushmore, we overcome this limitation by leveraging a well-known, yet overlooked hardware feature called an IPU (Image Processing Unit) that provides multiple display channels. By partitioning these channels across the normal world and the secure world, we enable the two worlds to simultaneously display pixels on the screen without sacrificing security. Furthermore, we show that with the right type of cryptographic method, we can decrypt and display encrypted animated images at 30 FPS or higher for mediumto-small images and at around 30 FPS for large images. One notable cryptographic method we adapt for Rushmore is visual cryptography, and we demonstrate that it is a light-weight alternative to other cryptographic methods for certain use cases. Our evaluation shows that in addition to providing usable frame rates, Rushmore incurs less than 5% overhead to the applications running in the normal world. CCS CONCEPTS• Security and privacy → Mobile platform security; Trusted computing.

show abstract

Section: Security Analysismentioning

confidence: 94%

Section: Rushmore Usage Modelmentioning

confidence: 99%