
    MicroTEE: Designing TEE OS Based on the Microkernel Architecture

    ARM TrustZone technology is widely used to provide Trusted Execution Environments (TEEs) for mobile devices. However, most TEE OSes are implemented as monolithic kernels. In such designs, device drivers, kernel services and kernel modules all run in the kernel, which results in a large kernel. In the monolithic kernel architecture it is difficult to guarantee that all components of the kernel are free of security vulnerabilities, as shown by the integer overflow vulnerability in Qualcomm QSEE TrustZone and the TZDriver vulnerability in the HUAWEI Hisilicon TEE architecture. This paper presents MicroTEE, a TEE OS based on the microkernel architecture. In MicroTEE, the microkernel provides strong isolation for the TEE OS's basic services, such as the crypto service and the platform key management service. The kernel is only responsible for providing core services such as address space management, thread management, and inter-process communication. Other fundamental services, such as the crypto service and the platform key management service, are implemented as applications at the user layer. Crypto Services and Key Management provide Trusted Applications (TAs) with sensitive information encryption, data signing, and platform attestation functions. Our design avoids the compromise of the whole TEE OS when only one kernel service is vulnerable. A monitor has also been added to perform the switch between the secure world and the normal world. Finally, we implemented a MicroTEE prototype on the Freescale i.MX6Q Sabre Lite development board and tested its performance. Evaluation results show that the performance of cryptographic operations in MicroTEE is better than in Linux when the size of the data is small.

    Comment: 8 pages, 8 figures

    Proceedings of the Workshop on web applications and secure hardware (WASH 2013).

    Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware, such as TPMs, ARM TrustZone, virtualisation and secure elements, but these are rarely accessible to web applications or used by web browsers. The First Workshop on Web Applications and Secure Hardware (WASH'13) focused on how secure hardware could be used to enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This included challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest were proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself.

    Enhanced Password Security on Mobile Devices

    Sleek and powerful touchscreen devices with continuous access to high-bandwidth wireless data networks have transformed mobile into a first-class development platform. Many applications (i.e., "apps") written for these platforms rely on remote services such as Dropbox, Facebook, and Twitter, and require users to provide one or more passwords upon installation. Unfortunately, today's mobile platforms provide no protection for users' passwords, even as mobile devices have become attractive targets for password-stealing malware and other phishing attacks.

    This dissertation explores the feasibility of providing strong protections for passwords input on mobile devices without requiring large changes to existing apps.

    We propose two approaches to secure password entry on mobile devices: ScreenPass and VeriUI. ScreenPass is integrated with a device's operating system and continuously monitors the device's screen to prevent malicious apps from spoofing the system's trusted software keyboard. The trusted keyboard ensures that ScreenPass always knows when a password is input, which allows it to prevent apps from sending password data to untrusted servers. VeriUI relies on trusted hardware to isolate password handling from a device's operating system and apps. This approach allows VeriUI to prove to remote services that a relatively small and well-known code base directly handled a user's password data.

    Dissertation

    Hardware-Based Isolation Techniques for Enhancing the Security of ARM-Based Devices

    Thesis (Ph.D.) -- Seoul National University Graduate School: College of Engineering, Department of Electrical and Computer Engineering, 2018. 2. Advisor: 백윤흥 (Yunheung Paek).

    To protect the system from software attacks, various security approaches, such as formal verification and memory safety, have been proposed by researchers. However, many of the security approaches have not been practical to apply to real-world systems because they involve too strict restrictions or incur significant performance overhead. In this situation, security researchers have proposed isolation approaches that dramatically reduce the attack surface by isolating security-critical parts of software from the others. The isolation approaches have been adopted in many security studies to increase the security level of software with minimal overhead. However, the security studies based on the isolation approaches have been carried out focusing on systems such as desktop PCs and servers. Unfortunately, in mobile devices, the most widely used systems these days, only a few related studies have been conducted, so in these devices the isolation approaches have evolved less in terms of security, coverage, and efficiency. In this thesis, therefore, I will perform a series of studies to enhance the isolation approaches, and ultimately to increase the security level of mobile devices. I first will analyze the usage scenarios and environments of mobile devices and confirm the required security capabilities and levels. Subsequently, I will carefully review the recent ARM architectures that are mainly used in mobile devices and find some salient hardware features. After that, on top of these features, I will propose novel security solutions stemming from the isolation approaches. These solutions, targeting everything from applications to different types of system software, satisfy the required security capabilities and levels confirmed by the previous analysis.

    In this thesis, I will describe the details of the design and implementation of these security solutions, built around the isolation approaches based on the salient hardware features. Also, the efficiency and effectiveness of these solutions will be demonstrated through various experimental results.

    Contents
        Abstract
        Contents
        List of Tables
        List of Figures
        1 INTRODUCTION
        2 Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices
            2.1 Introduction
            2.2 Background
                2.2.1 Security extensions
                2.2.2 Virtualization extensions
            2.3 Threat model and Assumptions
            2.4 Design
                2.4.1 Design objectives
                2.4.2 Overall Design
                2.4.3 Development of SCCs
                2.4.4 Provision of SCCs
                2.4.5 Execution of SCCs
                2.4.6 On-demand activation of the OSP hypervisor
                2.4.7 Interface implementation
            2.5 Implementation
                2.5.1 OSP Hypervisor
                2.5.2 Boot Sequence of OSP
            2.6 Evaluation
                2.6.1 Performance impact
                2.6.2 World switching latency
                2.6.3 Application benchmarks
                2.6.4 Security analysis
            2.7 Future work
            2.8 Related work
            2.9 Conclusion
        3 Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM
            3.1 Introduction
            3.2 Threat Model and Related Work
                3.2.1 Threat Model
                3.2.2 Related Work
            3.3 Background
                3.3.1 Exception Level
                3.3.2 Virtual Address Range
                3.3.3 Translation Lookaside Buffer
            3.4 Design
                3.4.1 Overview of Hilps
                3.4.2 Intra-Level Isolation Mechanism
                3.4.3 Domain Switching Mechanism
                3.4.4 Monitoring Capability
            3.5 Implementation
            3.6 Evaluation
                3.6.1 Switching Overhead
                3.6.2 Micro Benchmarks
                3.6.3 Macro Benchmarks
                3.6.4 Security Application Benchmark
            3.7 Discussion
            3.8 Conclusion
        4 Instruction-Level Data Isolation for the Kernel on ARM
            4.1 Introduction
            4.2 Related Work
            4.3 Background
            4.4 Design and Implementation
                4.4.1 Threat Model and Assumption
                4.4.2 ILDI Mechanism
                4.4.3 Enforcement of the ILDI mechanism
                4.4.4 Security Analysis
            4.5 Evaluation
                4.5.1 Primitive Operation
                4.5.2 Impact on the System
            4.6 Conclusion
        5 CONCLUSION
        Abstract (In Korean)

    Doctor