Abstract
The world is undergoing an unprecedented technological transformation, evolving into a state where ubiquitous Internet-enabled “things” will be able to generate and share large amounts of security- and privacy-sensitive data. To cope with the security threats that are thus foreseeable, system designers can find in Arm TrustZone hardware technology a most valuable resource. TrustZone is a System-on-Chip and CPU system-wide security solution, available on today’s Arm application processors and present in the new-generation Arm microcontrollers, which are expected to dominate the market of smart “things.” Although this technology has remained relatively underground since its inception in 2004, over the past years numerous initiatives have significantly advanced the state of the art involving Arm TrustZone. Motivated by this revival of interest, this paper presents an in-depth study of TrustZone technology. We provide a comprehensive survey of relevant work from academia and industry, organizing existing systems into two main areas, namely Trusted Execution Environments and hardware-assisted virtualization. Furthermore, we analyze the most relevant weaknesses of existing systems and propose new research directions within the realm of the tiniest devices and the Internet of Things, which we believe have the potential to yield high-impact contributions in the future.
Demystifying Arm TrustZone: A Comprehensive Survey