Citation: Zhang Fengwei, Zhou Lei, Zhang Yiming, Ren Mingde, Deng Yunjie. Trusted Execution Environment: State-of-the-Art and Future Directions[J]. Journal of Computer Research and Development, 2024, 61(1): 243-260. DOI: 10.7544/issn1000-1239.202221016
Trusted execution environment (TEE) technologies are now widely deployed in computer systems, driven by users' serious concerns about privacy protection, secure computing and related needs in network services. In general, a TEE provides an isolated execution environment in which operators and users can perform private and confidential computing even if the underlying operating system is compromised. To build TEEs, device manufacturers such as Intel and Arm extend the hardware foundation by adding an extra processor mode, memory access control, a cryptography engine and similar facilities, and provide the corresponding system interfaces that follow application requirements. Beyond that, researchers design compatible TEE models for various goals on top of this hardware or firmware assistance. We comprehensively analyze the technical characteristics of TEE technology across the mainstream system architectures (x86, Arm, RISC-V and heterogeneous computing units), covering infrastructure and hardware design, software interface definition and security boundaries, and explore feasible application scenarios for TEE technology. We also analyze the challenges facing current TEE technologies and discuss their limitations and security risks, e.g., side-channel attacks. Finally, we summarize the advantages and disadvantages of the various TEE technologies in terms of security and functionality, and consider the future development of TEEs.
[1] Dai Weiqi, Jin Hai, Zou Deqing, et al. TEE: A virtual DRTM based execution environment for secure cloud-end computing[C] //Proc of the 17th ACM Conf on Computer and Communications Security. New York: ACM, 2010: 663−665
[2] Bryan P. Bootstrapping trust in a trusted platform[C/OL] //Proc of the 3rd Conf on Hot Topics in Security. Berkeley, CA: USENIX Association, 2008[2023-05-17]. https://dl.acm.org/doi/10.5555/1496671.1496680
[3] Cramer R, Damgård I B. Secure Multiparty Computation and Secret Sharing[M]. Cambridge, UK: Cambridge University Press, 2015
[4] Xu Yi, Paulet R, Bertino E, et al. Homomorphic Encryption and Applications[M]. Berlin: Springer, 2014
[5] Wang Zhiwei, Hou Rui, Li Peinan, et al. HE-Booster: An efficient polynomial arithmetic acceleration on GPUs for fully homomorphic encryption[J]. IEEE Transactions on Parallel and Distributed Systems, 2023, 34(4): 1067−1081 doi: 10.1109/TPDS.2022.3228628
[6] Wojtczuk R, Joanna R. Attacking SMM memory via Intel CPU cache poisoning[EB/OL]. Invisible Things Lab, 2009[2023-04-23]. https://invisiblethingslab.com/resources/misc09/smm_cache_fun.pdf
[7] Futral W, Greene J. Intel Trusted Execution Technology for Server Platforms: A Guide to More Secure Datacenters[M]. Berkeley, CA: Apress, 2013
[8] Skochinsky I. Intel ME secrets[EB/OL]. RECON, 2014[2023-04-21]. https://recon.cx/2014/slides/Recon 2014 Skochinsky.pdf
[9] Android. Android enterprise security[EB/OL]. 2020[2023-03-01]. https://www.android.com/static/2016/pdfs/enterprise/Android_Enterprise_Security_White_Paper_2019.pdf
[10] Costan V, Devadas S. Intel SGX explained[EB/OL]. IACR Cryptology ePrint Archive, (2017-02-21)[2023-05-17]. https://eprint.iacr.org/2016/086.pdf
[11] Lee D, Kohlbrenner D, Shinde S, et al. Keystone: An open framework for architecting trusted execution environments[C] //Proc of the 15th European Conf on Computer Systems. New York: ACM, 2020: 1−16
[12] Feng Erhu, Lu Xu, Du Dong, et al. Scalable memory protection in the PENGLAI enclave[C] //Proc of the 15th USENIX Symp on Operating Systems Design and Implementation. Berkeley, CA: USENIX Association, 2021: 271−294
[13] Deng Yunjie, Wang Chenxu, Yu Shunchang, et al. StrongBox: A GPU TEE on Arm endpoints[C] //Proc of the 29th ACM SIGSAC Conf on Computer and Communications Security (CCS’22). New York: ACM, 2022: 769−783
[14] Volos S, Vaswani K, Bruno R. Graviton: Trusted execution environments on GPUs[C] //Proc of the 13th USENIX Conf on Operating Systems Design and Implementation (OSDI’18). Berkeley, CA: USENIX Association, 2018: 681−696
[15] Buhren R, Eichner A, Werling C. Uncover, understand, own: Regaining control over your AMD CPU[R/OL]. 2019[2023-04-23]. https://pretalx.com/36c3/talk/10942/
[16] Lai R. AMD security and server innovation[R/OL]. 2013[2023-04-20]. https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf
[17] Raj H, Saroiu S, Wolman A, et al. fTPM: A firmware-based TPM 2.0 implementation, MSR-TR-2015−84[R]. Redmond: Microsoft Research, 2015
[18] Perez R, Sailer R, van Doorn L. vTPM: Virtualizing the trusted platform module[C] //Proc of the 15th USENIX Security Symp (USENIX Security’06). Berkeley, CA: USENIX Association, 2006: 305−320
[19] Zhou Lei, Xiao Jidong, Kevin L, et al. Nighthawk: Transparent system introspection from ring-3[C] //Proc of the 24th European Symp on Research in Computer Security (ESORICS’19). Berlin: Springer, 2019: 217−238
[20] Vassilios V. Security evaluation of Intel’s active management technology[D]. Stockholm, Sweden: KTH Information and Communication Technology, 2010
[21] Christian W, Robert B. Dissecting the AMD platform security processor[EB/OL]. Chaos Communication Camp, (2019-08-24)[2023-05-17]. https://www.reddit.com/r/Amd/comments/cvdy5t/dissecting_the_amd_platform_security_processor/
[22] Azab A M, Ning Peng, Zhang Xiaolan. SICE: A hardware-level strongly isolated computing environment for x86 multi-core platforms[C] //Proc of the 18th ACM Conf on Computer and Communications Security. New York: ACM, 2011: 375−388
[23] Zhou Lei, Zhang Fengwei, Liao Jinghui, et al. KShot: Live kernel patching with SMM and SGX[C] //Proc of the 50th Annual IEEE/IFIP Int Conf on Dependable Systems and Networks (DSN). Piscataway, NJ: IEEE, 2020: 1−13
[24] Zhang Fengwei, Kevin L, Angelos S, et al. Using hardware features for increased debugging transparency[C] //Proc of the 36th IEEE Symp on Security and Privacy (S&P’15). Piscataway, NJ: IEEE, 2015: 55−69
[25] Zhou Lei, Ding Xuhua, Zhang Fengwei. SMILE: Secure memory introspection for live enclave[C] //Proc of the 43rd IEEE Symp on Security and Privacy (S&P’22). Piscataway, NJ: IEEE, 2022: 1536−1536
[26] Shen Youren, Tian Hongliang, Chen Yu, et al. Occlum: Secure and efficient multitasking inside a single enclave of Intel SGX[C] //Proc of the 25th Int Conf on Architectural Support for Programming Languages and Operating Systems (ASPLOS’20). New York: ACM, 2020: 955−970
[27] Li Mengyuan, Zhang Yinqian, Wang Huibo, et al. CIPHERLEAKS: Breaking constant-time cryptography on AMD SEV via the ciphertext side channel[C] //Proc of the 30th USENIX Security Symp (USENIX Security’21). Berkeley, CA: USENIX Association, 2021: 717−732
[28] Li Mengyuan, Zhang Yinqian, Lin Zhiqiang. CrossLine: Breaking “Security-by-Crash” based memory isolation in AMD SEV[C] //Proc of the 28th ACM SIGSAC Conf on Computer and Communications Security (CCS’21). New York: ACM, 2021: 2937−2950
[29] Intel. Trust domain extensions (TDX)[EB/OL]. 2023[2023-03-08]. https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html
[30] Intel. TDX-TOOLS[EB/OL]. 2023[2023-04-21]. https://github.com/intel/tdx-tools
[31] Intel. TDX-Module[EB/OL]. 2023[2023-04-21]. https://github.com/intel/tdx-module
[32] Hua Zhichao, Gu Jinyu, Xia Yubin, et al. vTZ: Virtualizing Arm TrustZone[C] //Proc of the 26th USENIX Security Symp. Berkeley, CA: USENIX Association, 2017: 541−556
[33] Cho Y, Shin J, Kwon D, et al. Hardware-assisted on-demand hypervisor activation for efficient security critical code execution on mobile devices[C] //Proc of the 24th USENIX Annual Technical Conf. Berkeley, CA: USENIX Association, 2016: 565−578
[34] Jang J, Choi C, Lee J, et al. PrivateZone: Providing a private execution environment using Arm TrustZone[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 15(5): 797−810
[35] Brasser F, Gens D, Jauernig P, et al. SANCTUARY: Arm TrustZone with user-space enclaves[C/OL] //Proc of the 26th Network and Distributed System Security Symp (NDSS). Washington: ISOC, (2019-02-24)[2023-05-17]. https://www.ndss-symposium.org/ndss-paper/sanctuary-arming-trustzone-with-user-space-enclaves/
[36] Sun He, Sun Kun, Wang Yuewu, et al. TrustICE: Hardware-assisted isolated computing environments on mobile devices[C] //Proc of the 45th Annual IEEE/IFIP Int Conf on Dependable Systems and Networks. Piscataway, NJ: IEEE, 2015: 367−378
[37] Li Wenhao, Xia Yubin, Lu Long, et al. TEEv: Virtualizing trusted execution environments on mobile platforms[C] //Proc of the 15th ACM SIGPLAN/SIGOPS Int Conf on Virtual Execution Environments. New York: ACM, 2019: 2−16
[38] Kwon D, Seo J, Cho Y, et al. PrOS: Light-weight privatized secure OSes in Arm TrustZone[J]. IEEE Transactions on Mobile Computing, 2019, 19(6): 1434−1447
[39] Zhao Shijun, Zhang Qianying, Qin Yu, et al. SecTEE: A software-based approach to secure enclave architecture using TEE[C] //Proc of the 26th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 1723−1740
[40] Cerdeira D, Martins J, Santos N, et al. ReZone: Disarming TrustZone with TEE privilege reduction[C] //Proc of the 31st USENIX Security Symp. Berkeley, CA: USENIX Association, 2022: 2261−2279
[41] Arm. Hafnium architecture[EB/OL]. (2019-11-14)[2023-05-17]. https://review.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/HEAD/docs/Architecture.md
[42] Li Dingji, Mi Zeyu, Xia Yubin, et al. TwinVisor: Hardware-isolated confidential virtual machines for Arm[C] //Proc of the 28th ACM SIGOPS Symp on Operating Systems Principles. New York: ACM, 2021: 638−654
[43] ARM. Arm confidential compute architecture software stack[EB/OL]. 2022[2023-05-17]. https://developer.arm.com/documentation/den0127/a/Software-components
[44] Costan V, Lebedev I, Devadas S. Sanctum: Minimal hardware extensions for strong software isolation[C] //Proc of the 25th USENIX Security Symp. Berkeley, CA: USENIX Association, 2016: 857−874
[45] Weiser S, Werner M, Brasser F, et al. TIMBER-V: Tag-isolated memory bringing fine-grained enclaves to RISC-V[C/OL] //Proc of the 26th Network and Distributed System Security Symp. Washington: ISOC, 2019[2023-05-17]. https://www.ndss-symposium.org/ndss-paper/timber-v-tag-isolated-memory-bringing-fine-grained-enclaves-to-risc-v/
[46] Bahmani R, Brasser F, Dessouky G, et al. CURE: A security architecture with customizable and resilient enclaves[C] //Proc of the 30th USENIX Security Symp. Berkeley, CA: USENIX Association, 2021: 1073−1090
[47] Zhu Jianping, Hou Rui, Wang XiaoFeng, et al. Enabling rack-scale confidential computing using heterogeneous trusted execution environment[C] //Proc of the 41st IEEE Symp on Security and Privacy (SP). Piscataway, NJ: IEEE, 2020: 1450−1465
[48] NVIDIA. NVIDIA confidential computing[EB/OL]. 2022[2023-05-17]. https://www.nvidia.com/en-us/data-center/solutions/confidential-computing/
[49] Jiang Jianyu, Qi Ji, Chen Xusheng, et al. CRONUS: Fault-isolated, secure and high-performance heterogeneous computing for trusted execution environment[C] //Proc of the 55th IEEE/ACM Int Symp on Microarchitecture (MICRO). Piscataway, NJ: IEEE, 2022: 124−143
[50] Wang Xingbin, Hou Rui, Zhu Yifan, et al. NPUFort: A secure architecture of DNN accelerator against model inversion attack[C] //Proc of the 16th ACM Int Conf on Computing Frontiers. New York: ACM, 2019: 190−196
[51] Lee S, Kim J, Na S, et al. TNPU: Supporting trusted execution with tree-less integrity protection for neural processing unit[C] //Proc of the 28th IEEE Int Symp on High-Performance Computer Architecture (HPCA). Piscataway, NJ: IEEE, 2022: 229−243
[52] Kinney L. Trusted Platform Module Basics: Using TPM in Embedded Systems[M]. Washington: Newnes, 2006
[53] Proudler G, Chen Liqun, Dalton C. Trusted Computing Platforms: TPM2.0 in Context[M]. Berlin: Springer, 2014
[54] Kauer B. OSLO: Improving the security of trusted computing[C] //Proc of the 16th USENIX Security Symp. Berkeley, CA: USENIX Association, 2007: 173−191
[55] AMD. SEV-SNP: Strengthening VM isolation with integrity protection and more[EB/OL]. 2020[2023-05-17]. https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf
[56] Cui Jinhua, Yu Z, Shinde S, et al. SmashEx: Smashing SGX enclaves using exceptions[C] //Proc of the 28th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2021: 779−793
[57] Weichbrodt N, Kurmus A, Pietzuch P, et al. AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves[C] //Proc of the 21st European Symp on Research in Computer Security (ESORICS). Berlin: Springer, 2016: 440−457
[58] Ermolov M, Goryachy M. How to hack a turned-off computer, or running unsigned code in Intel management engine[R/OL]. London: Black Hat Europe, 2017[2023-04-20]. https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine-wp.pdf
[59] Ragab H, Milburn A, Razavi K, et al. CROSSTALK: Speculative data leaks across cores are real[C] //Proc of the 42nd IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2021: 1852−1867
[60] Van Bulck J, Piessens F, Strackx R. SGX-Step: A practical attack framework for precise enclave execution control[C/OL] //Proc of the 2nd Workshop on System Software for Trusted Execution. New York: ACM, 2017[2023-05-17]. https://dl.acm.org/doi/10.1145/3152701.3152706
[61] Yarom Y, Falkner K. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack[C] //Proc of the 23rd USENIX Security Symp. Berkeley, CA: USENIX Association, 2014: 719−732
[62] Osvik D, Shamir A, Tromer E. Cache attacks and countermeasures: The case of AES[G/OL] //LNCS 3960: Proc of the 6th Cryptographers’ Track at the RSA Conf on Topics in Cryptology. Berlin: Springer, 2006[2023-05-17]. https://dl.acm.org/doi/10.1007/11605805_1
[63] Tromer E, Osvik E, Shamir A. Efficient cache attacks on AES, and countermeasures[J]. IACR Journal of Cryptology, 2010, 23(1): 37−71 doi: 10.1007/s00145-009-9049-y
[64] Van Schaik S, Minkin M, Kwong A, et al. CacheOut: Leaking data on Intel CPUs via cache evictions[C] //Proc of the 42nd IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2021: 339−354
[65] Moghimi A, Irazoqui G, Eisenbarth T. CacheZoom: How SGX amplifies the power of cache attacks[C] //Proc of the 19th Int Conf on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2017: 69−90
[66] Dall F, De Micheli G, Eisenbarth T, et al. CacheQuote: Efficiently recovering long-term secrets of SGX EPID via cache attacks[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(2): 171−191
[67] Li Mengyuan, Zhang Yinqian, Wang Huibo, et al. TLB poisoning attacks on AMD secure encrypted virtualization[C] //Proc of the 37th Annual Computer Security Applications Conf. New York: ACM, 2021: 609−619
[68] Kocher P, Horn J, Fogh A, et al. Spectre attacks: Exploiting speculative execution[C] //Proc of the 40th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2019: 1−19
[69] Chen Guoxing, Chen Sanchuan, Xiao Yuan, et al. SgxPectre: Stealing Intel secrets from SGX enclaves via speculative execution[C] //Proc of the 4th IEEE European Symp on Security and Privacy. Piscataway, NJ: IEEE, 2019: 142−157
[70] Koruyeh E M, Khasawneh K, Song Chengyu, et al. Spectre returns! Speculation attacks using the return stack buffer[C/OL] //Proc of the 12th USENIX Workshop on Offensive Technologies. Berkeley, CA: USENIX Association, 2018[2023-05-17]. https://dl.acm.org/doi/abs/10.5555/3307423.3307426
[71] Lipp M, Schwarz M, Gruss D, et al. Meltdown: Reading kernel memory from user space[C] //Proc of the 27th USENIX Security Symp. Berkeley, CA: USENIX Association, 2018: 973−990
[72] Van Bulck J, Minkin M, Weisse O, et al. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution[C] //Proc of the 27th USENIX Security Symp. Berkeley, CA: USENIX Association, 2018: 991−1008
[73] Huo Tianlin, Meng Xiaoni, Wang Wenhao, et al. Bluethunder: A 2-level directional predictor-based side-channel attack against SGX[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(1): 321−347
[74] Morbitzer M, Huber M, Horsch J, et al. SEVered: Subverting AMD’s virtual machine encryption[C/OL] //Proc of the 11th European Workshop on Systems Security. New York: ACM, 2018[2023-05-17]. https://doi.org/10.1145/3193111.3193112
[75] Murdock K, Oswald D, Garcia F D, et al. Plundervolt: Software-based fault injection attacks against Intel SGX[C] //Proc of the 41st IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2020: 1466−1482
[76] Chen Zitai, Vasilakis G, Murdock K, et al. VoltPillager: Hardware-based fault injection attacks against Intel SGX enclaves using the SVID voltage scaling interface[C] //Proc of the 30th USENIX Security Symp. Berkeley, CA: USENIX Association, 2021: 699−716
[77] Lu M. TrustZone, TEE and trusted video path implementation considerations[EB/OL]. 2018[2023-04-23]. https://www.arm.com/files/event/Developer_Track_6_TrustZone_TEEs_and_Trusted_Video_Path_implemention_considerations.pdf
[78] Trustonic. Trustonic application protection delivers comprehensive security for mobile financial services[EB/OL]. 2018[2023-04-23]. https://www.trustonic.com/markets/financial-services/
[79] Beniamini G. QSEE privilege escalation vulnerability and exploit[EB/OL]. 2016[2024-04-23]. http://bits-please.blogspot.com/2016/05/qsee-privilege-escalation-vulnerability.html
[80] Linaro. ClearKey OP-TEE AOSP DRM plugin[EB/OL]. 2019[2023-04-23]. https://github.com/linaro-mmwg/clearkeydrmplugin
[81] ARM. ARM CoreLink TZC-400 TrustZone address space controller technical reference manual, ID063014[R/OL]. 2021[2023-04-23]. https://developer.arm.com/documentation/ddi0504/latest/
[82] ARM. Arm CCA software architecture[EB/OL]. 2022[2023-04-23]. https://developer.arm.com/documentation/den0125/0200/Arm-CCA-Software-Architecture
[83] ARM. Arm realm management extension (RME)[EB/OL]. 2021[2023-04-23]. https://developer.arm.com/documentation/den0129/aa
[84] Zhang Yingjun, Feng Dengguo, Qin Yu, et al. A TrustZone based application protection scheme in highly open scenarios[J]. Journal of Computer Research and Development, 2017, 54(10): 2268−2283 (in Chinese) doi: 10.7544/issn1000-1239.2017.20170387
[85] Beniamini G. TrustZone kernel privilege escalation (CVE-2016-431)[EB/OL]. 2016[2023-04-23]. http://bits-please.blogspot.com/2016/06/trustzone-kernel-privilege-escalation.html
[86] Beniamini G. War of the worlds: Hijacking the Linux kernel from QSEE[EB/OL]. 2016[2023-04-23]. https://bits-please.blogspot.com/2016/05/war-of-worlds-hijacking-linux-kernel.html
[87] Komaromy D. Unbox your phone[EB/OL]. 2018[2023-04-23]. https://medium.com/taszksec/unbox-your-phone-part-i-331bbf44c30c
[88] Beniamini G. Trust issues: Exploiting TrustZone TEEs[EB/OL]. 2019[2023-04-23]. https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html
[89] Shen D. Attacking your trusted core: Exploiting TrustZone on Android[EB/OL]. Black Hat USA, 2019[2023-04-23]. https://www.blackhat.com/docs/us-15/materials/us-15-Shen-Attacking-Yor-Trusted-Core-Exploiting-Trustzone-On-Android.pdf
[90] Zhang Ning, Sun He, Sun Kun, et al. CacheKit: Evading memory introspection using cache incoherence[C] //Proc of the 1st IEEE European Symp on Security and Privacy. Piscataway, NJ: IEEE, 2016: 337−352
|
[91] |
Guanciale R, Nemati H, Baumann C, et al. Cache storage channels: Alias-driven attacks and verified countermeasures [C] // Proc of the 1st IEEE European Symp on Security and Privacy. Piscataway, NJ: IEEE, 2016: 38−55
|
[92] |
Lipp M, Gruss D, Spreitzer R, et al. ARMageddon: Cache attacks on mobile devices [C] // Proc of the 25th USENIX Conf on Security Symp. Berkeley, CA: USENIX Association, 2016: 549−564
|
[93] |
Zhang Ning, Sun Kun, Shands D, et al. TruSpy: Cache side-channel information leakage from the secure world on ARM devices [J/OL]. IACR Cryptology ePrint Archive, 2016[2023-04-24].https://eprint.iacr.org/2016/980
|
[94] |
Cho H, Zhang Penghui, Kim D, et al. Prime+Count: Novel cross-world covert channels on ARM TrustZone [C] // Proc of the 34th Annual Computer Security Applications Conf (ACSAC’18). New York: ACM, 2018: 441–452
|
[95] |
Jacob N, Heyszl J, Zankl A, et al. How to break secure boot on FPGA SoCs through malicious hardware [C] // Proc of the 19th Int Conf on Cryptographic Hardware and Embedded Systems (CHES). Berlin: Springer, 2017: 425–442
|
[96] |
Benhani E, Marchand C, Aubert, A, et al. On the security evaluation of the ARM TrustZone extension in a heterogeneous SoC [C] // Proc of the 30th IEEE Int System-on-Chip Conf (SOCC). Piscataway, NJ: IEEE, 2017: 108–113
|
[97] |
Wang Jie, Sun Kun, Lei Lingguang, et al. Cache-in-the-middle (CITM) attacks: Manipulating sensitive data in isolated execution environments [C] // Proc of the 27th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2020: 1001−1015
|
[98] |
张英骏, 冯登国, 秦宇, 等. 基于Trustzone的强安全需求环境下可信代码执行方案 [J]. 计算机研究与发展, 2015, 52(10): 2224−2238
Zhang Yingjun, Feng Dengguo, Qin Yu, et al. TrustZone-based trusted code execution scheme under strong security requirements [J]. Journal of Computer Research and Development, 2015, 52(10): 2224−2238(in Chinese)
|
[99] |
郑显义,李文,孟丹. TrustZone技术的分析与研究[J]. 计算机学报,2016,39(9):1912−1928 doi: 10.11897/SP.J.1016.2016.01912
Zheng Xianyi, Li Wen, Meng Dan. Analysis and research of TrustZone technology[J]. Chinese Journal of Computers, 2016, 39(9): 1912−1928 (in Chinese) doi: 10.11897/SP.J.1016.2016.01912
|
[100] |
郑显义,史岗,孟丹. 系统安全隔离技术研究综述[J]. 计算机学报,2017,40(5):1057−1079
Zheng Xianyi, Shi Gang, Meng Dan. Summary of research on system security isolation technology[J]. Chinese Journal of Computers, 2017, 40(5): 1057−1079 (in Chinese)
|
[101] |
Birkholz H. Veraison [EB/OL]. 2023[2023-04-24].https://github.com/veraison
|
[102] |
Evenchick E. RustZone: Writing trusted applications in Rust [EB/OL]. 2019[2023-04-24].https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-EvenchickRustZone.pdf
|
[103] |
Shinde S, Wang Shengyi, Yuan Pinghai, et al. BesFS: A POSIX filesystem for enclaves with a mechanized safety proof [C] // Proc of the 29th USENIX Security Symp (USENIX Security’ 20). Berkeley, CA: USENIX Association, 2020: 523−540
|
[104] |
RISC-V. RISC-V [EB/OL]. 2023[2023-04-24].https://riscv.org/
|
[105] |
RISC-V. RISC-V specification [EB/OL]. 2023[2023-04-24].https://riscv.org/technical/specifications/
|
[106] |
Nasahl P, Schilling R, Werner M, et al. HECTOR-V: A heterogeneous CPU architecture for a secure RISC-V execution environment [C] // Proc of the 16th ACM Asia Conf on Computer and Communications Security. New York: ACM, 2021: 187−199
|
[107] |
Arnautov S, Trach B, Gregor F, et al. SCONE: Secure Linux containers with Intel SGX [C] // Proc of the 12th USENIX Symp on Operating Systems Design and Implementation (OSDI’16). Berkeley, CA: USENIX Association, 2016: 689−703
|
[108] |
Bulck V J, Oswald D, Marin E, et al. A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes [C] // Proc of the 26th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 1741–1758
|
[109] |
Le A, Dao B, Suzaki K, et al. Experiment on replication of side channel attack via cache of RISC-V Berkeley out-of-order machine (BOOM) implemented on FPGA [C/OL] // Proc of the 4th Workshop on Computer Architecture Research with RISC-V (CARRV 2020). Piscataway, NJ: IEEE, 2020[2023-04-24].https://carrv.github.io/2020/papers/CARRV2020_paper_2_Le.pdf
|
[110] |
RISC-V. RISC-V trusted execution environment [EB/OL]. 2023[2023-04-24].https://lists.riscv.org/g/tech-tee
|
[111] |
RISC-V. ZAYA TEE [EB/OL]. 2021[2023-04-24].https://riscv.org/blog/2021/10/zaya-now-offers-trusted-execution-environment-for-risc-v-zaya/
|
[112] |
Hex-five. MultiZone [EB/OL]. 2023[2023-04-24].https://hex-five.com/multizone-security-tee-riscv/
|
[113] |
FOSDEM. Trusted RV [EB/OL]. 2021[2023-04-24].https://archive.fosdem.org/2021/schedule/event/tee_trusted_rv/
|
[114] |
Zhang Jie, Jung M. ZnG: Architecting GPU multi-processors with new flash for scalable data analysis [C] // Proc of the 47th ACM/IEEE Annual Int Symp on Computer Architecture (ISCA). Piscataway, NJ: IEEE, 2020: 1064−1075
|
[115] |
Li Peilong, Luo Yan, Zhang Ning, et al. Heterospark: A heterogeneous CPU/GPU spark platform for machine learning algorithms [C] // Proc of the 10th IEEE Int Conf on Networking, Architecture and Storage (NAS). Piscataway, NJ: IEEE, 2015: 347−348
|
[116] |
Cao Qingqing, Balasubramanian N, Balasubramanian A. MobiRNN: Efficient recurrent neural network execution on mobile GPU[C/OL] // Proc of the 1st Int Workshop on Deep Learning for Mobile Systems and Applications. New York: ACM, 2017[2023-05-17].https://doi.org/10.1145/3089801.3089804
|
[117] |
Jang I, Tang A, Kim T, et al. Heterogeneous isolated execution for commodity GPUs[C] //Proc of the 24th Int Conf on Architectural Support for Programming Languages and Operating Systems. New York: ACM, 2019: 455–468
|
[118] |
Che Shuai, Boyer M, Meng Jiayuan, et al. Rodinia: A benchmark suite for heterogeneous computing [C] // Proc of the 10th IEEE Int Symp on Workload Characterization (IISWC). Piscataway, NJ: IEEE, 2009: 44–54
|
[119] |
Wang Chenxu, Zhang Fengwei , Deng Yunjie, et al. CAGE: Complementing Arm CCA with GPU extensions[C/OL]// Proc of the 31st Network and Distributed System Security Symp. Washington, DC: ISOC, 2023[2024-02-26]. https://dx.doi.org/10.14722/ndss.2024.24763
|
[120] |
CVE. CVE-2020-5991 [EB/OL]. 2020[2023-04-24].https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5991
|
[121] |
CVE. CVE-2021-1121 [EB/OL]. 2021[2023-04-24].https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1121
|
[122] |
CVE. CVE-2022-21815 [EB/OL]. 2022[2023-04-24].https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21815
|