TY - JOUR
T1 - Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM
AU - Guan, Le
AU - Cao, Chen
AU - Liu, Peng
AU - Xing, Xinyu
AU - Ge, Xinyang
AU - Zhang, Shengzhi
AU - Yu, Meng
AU - Jaeger, Trent
N1 - Funding Information:
This work was supported by U.S. Army Research Office award W911NF-13-1-0421 (MURI), US National Science Foundation under Grant No. CNS-1422594, CNS-1505664, CNS-1634441, CNS-1422355, CNS-1408880, SBE-1422215, and the Penn State Institute for CyberScience (ICS) Seed Funding Initiative grant. This manuscript is an extension of the conference version appearing in the Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys ’17) [1]. This manuscript presents a more detailed description of the system design, and augments the system to provide more comprehensive protection for trusted applications even in the presence of physical intrusions into the devices.
Publisher Copyright:
© 2004-2012 IEEE.
PY - 2019/5/1
Y1 - 2019/5/1
N2 - The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. However, the smartness comes at the cost of multi-vector security exploits. From cyber space, a compromised operating system could access all the data in a cloud-aware IoT device. From physical space, cold-boot attacks and DMA attacks pose a great threat to unattended devices. In this paper, we propose TrustShadow, which provides a comprehensively protected execution environment for unmodified applications running on ARM-based IoT devices. To defeat cyber attacks, TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system. The runtime system does not provide system services itself. Rather, it forwards them to the untrusted normal-world OS and verifies the returns. The runtime system further employs a page-based encryption mechanism to ensure that all the data segments of a security-critical application appear in ciphertext in the DRAM chip. When an encrypted data page is accessed, it is transparently decrypted to a page in the internal RAM, which is immune to physical exploits.
AB - The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. However, the smartness comes at the cost of multi-vector security exploits. From cyber space, a compromised operating system could access all the data in a cloud-aware IoT device. From physical space, cold-boot attacks and DMA attacks pose a great threat to unattended devices. In this paper, we propose TrustShadow, which provides a comprehensively protected execution environment for unmodified applications running on ARM-based IoT devices. To defeat cyber attacks, TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system. The runtime system does not provide system services itself. Rather, it forwards them to the untrusted normal-world OS and verifies the returns. The runtime system further employs a page-based encryption mechanism to ensure that all the data segments of a security-critical application appear in ciphertext in the DRAM chip. When an encrypted data page is accessed, it is transparently decrypted to a page in the internal RAM, which is immune to physical exploits.
UR - http://www.scopus.com/inward/record.url?scp=85050996903&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050996903&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2018.2861756
DO - 10.1109/TDSC.2018.2861756
M3 - Article
AN - SCOPUS:85050996903
SN - 1545-5971
VL - 16
SP - 438
EP - 453
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 3
M1 - 8423674
ER -