A TrustZone Based Application Protection Scheme in Highly Open Scenarios

Zhang Yingjun; Feng Dengguo; Qin Yu; Yang Bo

doi:10.7544/issn1000-1239.2017.20170387

Journal of Computer Research and Development > 2017 > 54(10): 2268-2283. > DOI: 10.7544/issn1000-1239.2017.20170387 CSTR: 32373.14.issn1000-1239.2017.20170387

Zhang Yingjun, Feng Dengguo, Qin Yu, Yang Bo. A TrustZone Based Application Protection Scheme in Highly Open Scenarios[J]. Journal of Computer Research and Development, 2017, 54(10): 2268-2283. DOI: 10.7544/issn1000-1239.2017.20170387

Citation:

PDF (3757 KB)

A TrustZone Based Application Protection Scheme in Highly Open Scenarios

¹(Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190)
²(State Key Laboratory of Computer Sciece (Institute of Software, Chinese Academy of Sciences), Beijing 100190)
³(University of Chinese Academy of Sciences, Beijing 100190)

More Information

Published Date: September 30, 2017

Graphical Abstract

Abstract

Abstract

We propose a protection scheme for security-sensitive applications on mobile embedded devices, which is focus on the scenarios with both strong security and high openness requirements, such as “bring your own device”, mobile cloud computing. To meet the security requirements, we leverage the trusted execution environment of ARM TrustZone to provide strong isolation guarantees for applications even in the presence of a malicious operating system. To meet the openness requirements, our scheme has two major advantages compared with previous TrustZone-based solutions. Firstly, it moves concrete sensitive applications from TrustZone secure world to the normal world, so that the trusted computing base keeps small and unchanged regardless of the amount of supported security applications. Secondly, it leverages a light-weight kernel monitor in the secure world to enforce the untrusted operating system to serve these security applications legally, so that they could securely use standard system calls, which could provide critical features for the openness requirements, such as dynamic application deployment. We also propose proactive attestation, a novel technique that greatly improves the system efficiency by enforcing the operating system to contribute to its own verification. We implement the prototype system on real TrustZone devices. The experiment results show that our scheme is practical with acceptable performance overhead.
- TrustZone,
- trusted execution environment,
- sensitive application protection,
- kernel monitor,
- kernel proactive attestation

FullText(HTML)

References (0)

[1]	Li Kai, Zeng Kun, Rong Peitao, Chen Zhiqiang, Zhang Tian, Wang Yongwen. FireLink: An Evaluation Framework for Chiplet Design Space Exploration[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440082
[2]	Lin Hanyue, Wu Jingya, Lu Wenyan, Zhong Langhui, Yan Guihai. Neptune: A Framework for Generic Network Processor Microarchitecture Modeling and Performance Simulation[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440084
[3]	Zhang Qianlong, Hou Rui, Yang Sibo, Zhao Boyan, Zhang Lixin. The Role of Architecture Simulators in the Process of CPU Design[J]. Journal of Computer Research and Development, 2019, 56(12): 2702-2719. DOI: 10.7544/issn1000-1239.2019.20190044
[4]	Liu He, Ji Yu, Han Jianhui, Zhang Youhui, Zheng Weimin. Training and Software Simulation for ReRAM-Based LSTM Neural Network Acceleration[J]. Journal of Computer Research and Development, 2019, 56(6): 1182-1191. DOI: 10.7544/issn1000-1239.2019.20190113
[5]	Yang Meifang, Che Yonggang, Gao Xiang. Heterogeneous Parallel Optimization of an Engine Combustion Simulation Application with the OpenMP 4.0 Standard[J]. Journal of Computer Research and Development, 2018, 55(2): 400-408. DOI: 10.7544/issn1000-1239.2018.20160872
[6]	Liu Yuchen, Wang Jia, Chen Yunji, Jiao Shuai. Survey on Computer System Simulator[J]. Journal of Computer Research and Development, 2015, 52(1): 3-15. DOI: 10.7544/issn1000-1239.2015.20140104
[7]	Lü Huiwei, Cheng Yuan, Bai Lu, Chen Mingyu, Fan Dongrui, Sun Ninghui. Parallel Simulation of Many-Core Processor and Many-Core Clusters[J]. Journal of Computer Research and Development, 2013, 50(5): 1110-1117.
[8]	Jia Qunlin and Zhou Baijia. Earthquake Disaster Scenario Simulation Technology[J]. Journal of Computer Research and Development, 2010, 47(6): 1038-1043.
[9]	Mao Chengying, Lu Yansheng. Strategies of Regression Test Case Selection for Component-Based Software[J]. Journal of Computer Research and Development, 2006, 43(10): 1767-1774.
[10]	Wang Shihao, Wang Xinmin, Liu Mingye. Software Simulation for Hardware/Software Co-Verification[J]. Journal of Computer Research and Development, 2005, 42(3).

Cited By

Cited by

Periodical cited type(3)

1.	马涛. 海量视讯资源加速分发技术研究. 数字通信世界. 2025(02): 51-54+57 .
2.	杨卫平. 新一代飞行器导航制导与控制技术发展趋势. 航空学报. 2024(05): 154-178 .
3.	陈杏仪，柯清建. 异构算力的应用与展望. 长江信息通信. 2023(11): 226-228 .