ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2017, Vol. 54 ›› Issue (10): 2268-2283.doi: 10.7544/issn1000-1239.2017.20170387


A TrustZone Based Application Protection Scheme in Highly Open Scenarios

Zhang Yingjun1,3, Feng Dengguo1,2, Qin Yu1, Yang Bo1   

  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190
  2. State Key Laboratory of Computer Science (Institute of Software, Chinese Academy of Sciences), Beijing 100190
  3. University of Chinese Academy of Sciences, Beijing 100190
  • Online: 2017-10-01

Abstract: We propose a protection scheme for security-sensitive applications on mobile embedded devices, focusing on scenarios with both strong security and high openness requirements, such as “bring your own device” and mobile cloud computing. To meet the security requirements, we leverage the trusted execution environment of ARM TrustZone to provide strong isolation guarantees for applications even in the presence of a malicious operating system. To meet the openness requirements, our scheme has two major advantages over previous TrustZone-based solutions. First, it moves the sensitive applications themselves out of the TrustZone secure world and into the normal world, so that the trusted computing base stays small and unchanged regardless of the number of supported security applications. Second, it uses a lightweight kernel monitor in the secure world to force the untrusted operating system to serve these security applications legitimately, so that they can securely use standard system calls; this provides features critical to openness, such as dynamic application deployment. We also propose proactive attestation, a novel technique that greatly improves system efficiency by making the operating system contribute to its own verification. We implemented a prototype on real TrustZone devices. The experimental results show that our scheme is practical, with acceptable performance overhead.

Key words: TrustZone, trusted execution environment, sensitive application protection, kernel monitor, kernel proactive attestation
