Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM

Le Guan*, Chen Cao, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Jaeger

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

9 Scopus citations

Abstract

The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. However, the smartness comes at the cost of multi-vector security exploits. From cyber space, a compromised operating system could access all the data in a cloud-aware IoT device. From physical space, cold-boot attacks and DMA attacks impose a great threat to the unattended devices. In this paper, we propose TrustShadow that provides a comprehensively protected execution environment for unmodified application running on ARM-based IoT devices. To defeat cyber attacks, TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system. The runtime system does not provide system services itself. Rather, it forwards them to the untrusted normal-world OS, and verifies the returns. The runtime system further employs a page based encryption mechanism to ensure that all the data segments of a security-critical application appear in ciphertext in DRAM chip. When an encrypted data page is accessed, it is transparently decrypted to a page in the internal RAM, which is immune to physical exploits.

Original languageEnglish (US)
Article number8423674
Pages (from-to)438-453
Number of pages16
JournalIEEE Transactions on Dependable and Secure Computing
Volume16
Issue number3
DOIs
StatePublished - May 1 2019
Externally publishedYes

Keywords

  • ARM trustzone
  • cold-boot attack
  • IoT
  • Malicious operating systems
  • physical attack
  • TEE

ASJC Scopus subject areas

  • Computer Science(all)
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM'. Together they form a unique fingerprint.

Cite this