TrustShadow: Secure execution of unmodified applications with ARM TrustZone

Le Guan, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

102 Scopus citations

Abstract

The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. A variety of applications now run simultaneously on an ARMbased processor. For example, devices on the edge of the Internet are provided with higher horsepower to be entrusted with storing, processing and analyzing data collected from IoT devices. This significantly improves efficiency and reduces the amount of data that needs to be transported to the cloud for data processing, analysis and storage. However, commodity OSes are prone to compromise. Once they are exploited, attackers can access the data on these devices. Since the data stored and processed on the devices can be sensitive, left untackled, this is particularly disconcerting. In this paper, we propose a new system, TrustShadow that shields legacy applications from untrusted OSes. Trust-Shadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system that coordinates the communication between applications and the ordinary OS running in the normal world. The runtime system does not provide system services itself. Rather, it forwards requests for system services to the ordinary OS, and verifies the correctness of the responses. To demonstrate the efficiency of this design, we prototyped TrustShadow on a real chip board with ARM TrustZone support, and evaluated its performance using both microbenchmarks and real-world applications. We showed TrustShadow introduces only negligible overhead to real-world applications.

Original languageEnglish (US)
Title of host publicationMobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services
PublisherAssociation for Computing Machinery, Inc
Pages488-501
Number of pages14
ISBN (Electronic)9781450349284
DOIs
StatePublished - Jun 16 2017
Event15th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2017 - Niagara Falls, United States
Duration: Jun 19 2017Jun 23 2017

Publication series

NameMobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services

Other

Other15th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2017
Country/TerritoryUnited States
CityNiagara Falls
Period6/19/176/23/17

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications
  • Software
  • Hardware and Architecture

Fingerprint

Dive into the research topics of 'TrustShadow: Secure execution of unmodified applications with ARM TrustZone'. Together they form a unique fingerprint.

Cite this