TY - GEN
T1 - TrustShadow
T2 - 15th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2017
AU - Guan, Le
AU - Liu, Peng
AU - Xing, Xinyu
AU - Ge, Xinyang
AU - Zhang, Shengzhi
AU - Yu, Meng
AU - Jaeger, Trent
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/6/16
Y1 - 2017/6/16
N2 - The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. A variety of applications now run simultaneously on an ARMbased processor. For example, devices on the edge of the Internet are provided with higher horsepower to be entrusted with storing, processing and analyzing data collected from IoT devices. This significantly improves efficiency and reduces the amount of data that needs to be transported to the cloud for data processing, analysis and storage. However, commodity OSes are prone to compromise. Once they are exploited, attackers can access the data on these devices. Since the data stored and processed on the devices can be sensitive, left untackled, this is particularly disconcerting. In this paper, we propose a new system, TrustShadow that shields legacy applications from untrusted OSes. Trust-Shadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system that coordinates the communication between applications and the ordinary OS running in the normal world. The runtime system does not provide system services itself. Rather, it forwards requests for system services to the ordinary OS, and verifies the correctness of the responses. To demonstrate the efficiency of this design, we prototyped TrustShadow on a real chip board with ARM TrustZone support, and evaluated its performance using both microbenchmarks and real-world applications. We showed TrustShadow introduces only negligible overhead to real-world applications.
AB - The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. A variety of applications now run simultaneously on an ARMbased processor. For example, devices on the edge of the Internet are provided with higher horsepower to be entrusted with storing, processing and analyzing data collected from IoT devices. This significantly improves efficiency and reduces the amount of data that needs to be transported to the cloud for data processing, analysis and storage. However, commodity OSes are prone to compromise. Once they are exploited, attackers can access the data on these devices. Since the data stored and processed on the devices can be sensitive, left untackled, this is particularly disconcerting. In this paper, we propose a new system, TrustShadow that shields legacy applications from untrusted OSes. Trust-Shadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system that coordinates the communication between applications and the ordinary OS running in the normal world. The runtime system does not provide system services itself. Rather, it forwards requests for system services to the ordinary OS, and verifies the correctness of the responses. To demonstrate the efficiency of this design, we prototyped TrustShadow on a real chip board with ARM TrustZone support, and evaluated its performance using both microbenchmarks and real-world applications. We showed TrustShadow introduces only negligible overhead to real-world applications.
UR - http://www.scopus.com/inward/record.url?scp=85026209717&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85026209717&partnerID=8YFLogxK
U2 - 10.1145/3081333.3081349
DO - 10.1145/3081333.3081349
M3 - Conference contribution
AN - SCOPUS:85026209717
T3 - MobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services
SP - 488
EP - 501
BT - MobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services
PB - Association for Computing Machinery, Inc
Y2 - 19 June 2017 through 23 June 2017
ER -