PrivateZone: Providing a Private Execution Environment Using ARM TrustZone

ARM TrustZone is widely used to provide a Trusted Execution Environment (TEE) for mobile devices. However, the use of TrustZone is limited because TrustZone resources are only available for some pre-authorized applications. In other words, only alliances of the TrustZone OS vendors and device manufa...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on dependable and secure computing 2018-09, Vol.15 (5), p.797-810
Main Authors: Jang, Jinsoo, Choi, Changho, Lee, Jaehyuk, Kwak, Nohyun, Lee, Seongman, Choi, Yeseul, Kang, Brent Byunghoon
Format: Article
Language:English
Subjects:
ARM trustzone
Cybersecurity
Electronic devices
Kernel
Microprocessors
mobile device security
Mobile handsets
Monitoring
Registers
Security
Trusted execution environment
Virtual machine monitors
Virtualization
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:ARM TrustZone is widely used to provide a Trusted Execution Environment (TEE) for mobile devices. However, the use of TrustZone is limited because TrustZone resources are only available for some pre-authorized applications. In other words, only alliances of the TrustZone OS vendors and device manufacturers can use TrustZone to secure their services. To help overcome this problem, we designed the PrivateZone framework to enable individual developers to utilize TrustZone resources. Using PrivateZone, developers can run Security Critical Logics (SCL) in a Private Execution Environment (PrEE). The advantage of PrivateZone is its leveraging of TrustZone resources without undermining the security of existing services in the TEE. To guarantee this, PrivateZone creates a PrEE using a memory region that is isolated from both the Rich Execution Environment (REE) and TEE. In this paper, we describe the design and implementation of PrivateZone. The prototype of PrivateZone was implemented on an Arndale board with a Cortex-A15 dual-core processor. We built PrivateZone by exploring both security and virtualization extensions of the ARM architecture. To illustrate the usage and the efficacy of PrivateZone, we developed an Android application based on PrivateZone framework, and evaluated the performance overhead imposed on the OS in the REE and SCLs in the PrEE.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2016.2622261