Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM

Le Guan, Chen Cao, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Ray Jaeger

Research output: Contribution to journal › Article

Abstract

The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. However, the smartness comes at the cost of multi-vector security exploits. From cyber space, a compromised operating system could access all the data in a cloud-aware IoT device. From physical space, cold-boot attacks and DMA attacks pose a great threat to unattended devices. In this paper, we propose TrustShadow, which provides a comprehensively protected execution environment for unmodified applications running on ARM-based IoT devices. To defeat cyber attacks, TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system. The runtime system does not provide system services itself. Rather, it forwards them to the untrusted normal-world OS and verifies the returns. The runtime system further employs a page-based encryption mechanism to ensure that all the data segments of a security-critical application appear in ciphertext in the DRAM chip. When an encrypted data page is accessed, it is transparently decrypted to a page in the internal RAM, which is immune to physical exploits.
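The physical-space defence in the abstract (data pages kept as ciphertext in DRAM, plaintext only ever in on-chip internal RAM, transparent decryption on access) is the part a practitioner is most likely to want to see concretely. The C program below is an added illustration written for this page, not code from the paper or its authors, and it does not reproduce TrustShadow's implementation. It models a protected application's data pages living encrypted in a simulated DRAM, a two-slot simulated iRAM that holds the only plaintext copies, a fault path that decrypts a page into iRAM when the application touches it and re-encrypts it under a fresh nonce when it is evicted or when the secure world is left, and an attacker's-eye search of both memories for the secret. The 64-byte page size, the FIFO shadow cache, the SplitMix64 keystream (a toy stand-in for a real cipher, not secure) and every function and variable name are assumptions of this example; the paper specifies none of them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Demo geometry (assumption): 64-byte pages instead of 4 KiB, two plaintext slots in iRAM. */
#define PAGE_SIZE  64
#define N_PAGES    8
#define IRAM_SLOTS 2
/* Simulated DRAM: app pages live here only as ciphertext plus the nonce they were
 * encrypted under. A cold-boot or DMA attacker can read every byte of it. */
static uint8_t  dram[N_PAGES][PAGE_SIZE];
static uint64_t dram_nonce[N_PAGES];
/* Simulated internal RAM: the only memory that ever holds plaintext. */
static uint8_t iram[IRAM_SLOTS][PAGE_SIZE];
static int     iram_owner[IRAM_SLOTS];  /* page held by the slot, -1 if empty */
static bool    iram_dirty[IRAM_SLOTS];  /* modified since it was decrypted? */
static int     next_victim;             /* FIFO eviction pointer (assumption) */
static const uint64_t secure_world_key = 0x0123456789ABCDEFULL; /* demo key, assumption */
static uint64_t nonce_counter = 1;

/* Toy keystream from SplitMix64: a dependency-free stand-in for a real cipher, NOT secure. */
static uint64_t splitmix64(uint64_t *state) {
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}
/* XOR a page with the (key, nonce) keystream; the same call encrypts and decrypts. */
static void xor_keystream(uint8_t *page, uint64_t nonce) {
    uint64_t state = secure_world_key ^ nonce;
    for (size_t i = 0; i < PAGE_SIZE; i += 8) {
        uint64_t ks = splitmix64(&state);
        for (int j = 0; j < 8; j++) page[i + j] ^= (uint8_t)(ks >> (8 * j));
    }
}
/* Write-back under a fresh nonce, so identical plaintext never repeats a ciphertext. */
static void writeback_slot(int slot) {
    int page = iram_owner[slot];
    dram_nonce[page] = nonce_counter++;
    memcpy(dram[page], iram[slot], PAGE_SIZE);
    xor_keystream(dram[page], dram_nonce[page]);
    iram_dirty[slot] = false;
}
/* Page-fault path: make `page` resident in iRAM, evicting FIFO with write-back. */
static int pin_page(int page) {
    for (int s = 0; s < IRAM_SLOTS; s++) if (iram_owner[s] == page) return s;
    int s = next_victim;
    next_victim = (next_victim + 1) % IRAM_SLOTS;
    if (iram_owner[s] >= 0 && iram_dirty[s]) writeback_slot(s);
    memcpy(iram[s], dram[page], PAGE_SIZE);   /* transparent decrypt into iRAM */
    xor_keystream(iram[s], dram_nonce[page]);
    iram_owner[s] = page;
    iram_dirty[s] = false;
    return s;
}
/* The unmodified application's view: plain byte loads and stores. */
uint8_t app_read(int page, size_t off) { return iram[pin_page(page)][off]; }
void app_write(int page, size_t off, uint8_t v) { int s = pin_page(page); iram[s][off] = v; iram_dirty[s] = true; }
void app_write_str(int page, const char *s) {
    for (size_t i = 0; s[i]; i++) app_write(page, i, (uint8_t)s[i]);
}
bool app_read_matches(int page, const char *s) {
    for (size_t i = 0; s[i]; i++)
        if (app_read(page, i) != (uint8_t)s[i]) return false;
    return true;
}
/* Attacker's view: does the needle appear in plaintext anywhere in a memory region? */
static bool region_contains(const uint8_t *base, size_t len, const char *needle) {
    for (size_t n = strlen(needle), i = 0; i + n <= len; i++)
        if (memcmp(base + i, needle, n) == 0) return true;
    return false;
}
bool dram_contains(const char *s) { return region_contains(&dram[0][0], sizeof dram, s); }
bool iram_contains(const char *s) { return region_contains(&iram[0][0], sizeof iram, s); }
/* Leaving the secure world: write back dirty pages, then scrub all plaintext. */
void flush_iram(void) {
    for (int s = 0; s < IRAM_SLOTS; s++) {
        if (iram_owner[s] >= 0 && iram_dirty[s]) writeback_slot(s);
        memset(iram[s], 0, PAGE_SIZE);
        iram_owner[s] = -1;
    }
}
/* Store identical data again and report whether DRAM now holds a different ciphertext. */
bool rewrite_changes_ciphertext(int page, const char *s) {
    uint8_t before[PAGE_SIZE];
    flush_iram();
    memcpy(before, dram[page], PAGE_SIZE);
    app_write_str(page, s);
    flush_iram();
    return memcmp(before, dram[page], PAGE_SIZE) != 0;
}
/* Start state: every DRAM page is an encrypted zero page and iRAM is empty. */
void init_pages(void) {
    memset(iram, 0, sizeof iram);
    next_victim = 0;
    for (int s = 0; s < IRAM_SLOTS; s++) iram_owner[s] = -1, iram_dirty[s] = false;
    for (int p = 0; p < N_PAGES; p++) {
        memset(dram[p], 0, PAGE_SIZE);
        xor_keystream(dram[p], dram_nonce[p] = nonce_counter++);
    }
}
```

Writing a secret into page 3 and then touching two other pages forces page 3 out of the two-slot iRAM; at that point `dram_contains` returns false for the secret (what a cold-boot or DMA reader would get) while `app_read_matches(3, ...)` still returns true, because the next access pulls the page back through the decrypt path. `rewrite_changes_ciphertext` shows why the write-back takes a fresh nonce: storing the same bytes again yields a different ciphertext, so an attacker imaging DRAM twice cannot tell whether the page changed. Two things this model leaves out that a real deployment needs are an integrity check on the ciphertext (a compromised OS or DMA device can still corrupt or replay encrypted pages) and the cyber-space half of the abstract, the runtime verifying the results of system services forwarded to the normal-world OS.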

Original language: English (US)
Article number: 8423674
Pages (from-to): 438-453
Number of pages: 16
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 16
Issue number: 3
DOIs: 10.1109/TDSC.2018.2861756
State: Published - May 1 2019

Fingerprint

Dynamic random access storage
Random access storage
Direct memory access (DMA)
Cryptography
Internet of things

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Cite this

@article{50945cb5478e47d184e7a34c31eff370,
title = "Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM",
abstract = "The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. However, the smartness comes at the cost of multi-vector security exploits. From cyber space, a compromised operating system could access all the data in a cloud-aware IoT device. From physical space, cold-boot attacks and DMA attacks pose a great threat to unattended devices. In this paper, we propose TrustShadow, which provides a comprehensively protected execution environment for unmodified applications running on ARM-based IoT devices. To defeat cyber attacks, TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system. The runtime system does not provide system services itself. Rather, it forwards them to the untrusted normal-world OS and verifies the returns. The runtime system further employs a page-based encryption mechanism to ensure that all the data segments of a security-critical application appear in ciphertext in the DRAM chip. When an encrypted data page is accessed, it is transparently decrypted to a page in the internal RAM, which is immune to physical exploits.",
author = "Le Guan and Chen Cao and Peng Liu and Xinyu Xing and Xinyang Ge and Shengzhi Zhang and Meng Yu and Jaeger, {Trent Ray}",
year = "2019",
month = "5",
day = "1",
doi = "10.1109/TDSC.2018.2861756",
language = "English (US)",
volume = "16",
pages = "438--453",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",
}

Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM. / Guan, Le; Cao, Chen; Liu, Peng; Xing, Xinyu; Ge, Xinyang; Zhang, Shengzhi; Yu, Meng; Jaeger, Trent Ray.

In: IEEE Transactions on Dependable and Secure Computing, Vol. 16, No. 3, 8423674, 01.05.2019, p. 438-453.

Research output: Contribution to journal › Article

TY  - JOUR
T1  - Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM
AU  - Guan, Le
AU  - Cao, Chen
AU  - Liu, Peng
AU  - Xing, Xinyu
AU  - Ge, Xinyang
AU  - Zhang, Shengzhi
AU  - Yu, Meng
AU  - Jaeger, Trent Ray
PY  - 2019/5/1
Y1  - 2019/5/1
AB  - The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. However, the smartness comes at the cost of multi-vector security exploits. From cyber space, a compromised operating system could access all the data in a cloud-aware IoT device. From physical space, cold-boot attacks and DMA attacks pose a great threat to unattended devices. In this paper, we propose TrustShadow, which provides a comprehensively protected execution environment for unmodified applications running on ARM-based IoT devices. To defeat cyber attacks, TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system. The runtime system does not provide system services itself. Rather, it forwards them to the untrusted normal-world OS and verifies the returns. The runtime system further employs a page-based encryption mechanism to ensure that all the data segments of a security-critical application appear in ciphertext in the DRAM chip. When an encrypted data page is accessed, it is transparently decrypted to a page in the internal RAM, which is immune to physical exploits.
UR  - http://www.scopus.com/inward/record.url?scp=85050996903&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=85050996903&partnerID=8YFLogxK
U2  - 10.1109/TDSC.2018.2861756
DO  - 10.1109/TDSC.2018.2861756
M3  - Article
VL  - 16
SP  - 438
EP  - 453
JO  - IEEE Transactions on Dependable and Secure Computing
JF  - IEEE Transactions on Dependable and Secure Computing
SN  - 1545-5971
IS  - 3
M1  - 8423674
ER  -