3 research outputs found
It's TEEtime: A New Architecture Bringing Sovereignty to Smartphones
Modern smartphones are complex systems in which control over phone resources
is exercised by phone manufacturers, OS vendors, and users. These stakeholders
have diverse and often competing interests. Barring some exceptions, users
entrust their security and privacy to OS vendors (Android and iOS) and need to
accept their constraints. Manufacturers protect their firmware and peripherals
from the OS by executing in the highest privilege and leveraging dedicated CPUs
and TEEs. OS vendors need to trust the highest privileged code deployed by
manufacturers. This division of control over the phone is not ideal for OS
vendors and is even more disadvantageous for the users. Users are generally
limited in what applications they can install on their devices, in the privacy
model and trust assumptions of the existing applications, and in the
functionalities that applications can have.
We propose TEEtime, a new smartphone architecture based on trusted execution
allowing to balance the control different stakeholders exert over phones. More
leveled control over the phone means that no stakeholder is more privileged
than the others. In particular, TEEtime makes users sovereign over their
phones: It enables them to install sensitive applications in isolated domains
with protected access to selected peripherals alongside an OS. TEEtime achieves
this while maintaining compatibility with the existing smartphone ecosystem and
without relying on virtualization; it only assumes trust in a phone's firmware.
TEEtime is the first TEE architecture that allows isolated execution domains to
gain protected and direct access to peripherals. TEEtime is based on Armv8-A
and achieves peripheral isolation using a novel mechanism based on memory and
interrupt controller protection. We demonstrate the feasibility of our design
by implementing a prototype of TEEtime, and by running exemplary sensitive
applications
Sovereign Smartphone: To Enjoy Freedom We Have to Control Our Phones
The majority of smartphones either run iOS or Android operating systems. This has created two distinct ecosystems largely controlled by Apple and Google - they dictate which applications can run, how they run, and what kind of phone resources they can access. Barring some exceptions in Android where different phone manufacturers may have influence, users, developers, and governments are left with little to no choice. Specifically, users need to entrust their security and privacy to OS vendors and accept the functionality constraints they impose. Given the wide use of Android and iOS, immediately leaving these ecosystems is not practical, except in niche application areas. In this work, we draw attention to the magnitude of this problem and why it is an undesirable situation. As an alternative, we advocate the development of a new smartphone architecture that securely transfers the control back to the users while maintaining compatibility with the rich existing smartphone ecosystems. We propose and analyze one such design based on advances in trusted execution environments for ARM and RISC-V
It’s TEEtime: Bringing User Sovereignty to Smartphones
The majority of smartphones either run iOS or Android operating systems. This has created two distinct ecosystems largely controlled by Apple and Google - they dictate which applications can run, how they run, and what kind of phone resources they can access. Barring some exceptions in Android where different phone manufacturers may have influence, users, developers, and governments are left with little control. Specifically, users need to entrust their security and privacy to OS vendors and accept the functionality constraints they impose. Given the wide use of Android and iOS, immediately leaving these ecosystems is not practical, except in niche application areas. In this work, we propose a new smartphone architecture that securely transfers the control over the smartphone back to the users while maintaining compatibility with the existing smartphone ecosystems. Our architecture, named TEEtime, is based on ARMv8 and implements novel, TEE-based, resource and interrupt isolation mechanisms which allow the users to flexibly choose which resources (including peripherals) to dedicate to different isolated domains, namely, to legacy OSs and to user's proprietary software. We show the feasibility of our design by implementing a prototype of TEEtime on an ARM emulator