A Flexible Software Development and Emulation Framework for ARM TrustZone

ARM TrustZone is a hardware isolation mechanism to improve software security. Despite its widespread availability in mobile and embedded devices, development of software for it has been hampered by a lack of openly available emulation and development frameworks. In this paper we provide a comprehensive open-source software environment for experiments with ARM TrustZone, based on the foundations of the well known open-source QEMU platform emulator. Our software framework is complemented by a prototype kernel running within a trusted environment. We validate our software environment with an application example featuring a software based Trusted Platform Module hosted in a TrustZone protected runtime environment and an Android operating system accessing it through an high-level, industry-standard Trusted Computing API.

[1]  Johannes Winter,et al.  Trusted computing building blocks for embedded linux-based ARM trustzone platforms , 2008, STC '08.

[2]  N. Asokan,et al.  Scheduling execution of credentials in constrained secure environments , 2008, STC '08.

[3]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[4]  Alec Wolman,et al.  Trusted language runtime (TLR): enabling trusted applications on smartphones , 2011, HotMobile '11.

[5]  Gabi Dreo Rodosek,et al.  Towards Permission-Based Attestation for the Android Platform - (Short Paper) , 2011, TRUST.

[6]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[7]  Mohammad Nauman,et al.  Specification and Standardization of a Java Trusted Computing API , 2012, Softw. Pract. Exp..

[8]  Sven Bugiel,et al.  Trust in a small package: minimized MRTM software implementation for mobile secure environments , 2009, STC '09.

[9]  Peter Wilson,et al.  Implementing Embedded Security on Dual-Virtual-CPU Systems , 2007, IEEE Design & Test of Computers.

[10]  Paul Coulton,et al.  E-Pass Using DRM in Symbian v8 OS and TrustZone : Securing Vital Data on Mobile Devices , 2006, 2006 International Conference on Mobile Business.

[11]  N. Asokan,et al.  On-board credentials with open provisioning , 2009, ASIACCS '09.

[12]  Fabrice Bellard,et al.  QEMU, a Fast and Portable Dynamic Translator , 2005, USENIX ATC, FREENIX Track.

[13]  Yusnani Mohd Yussoff,et al.  Trusted Wireless Sensor Node Platform , 2010, WCE 2010.

[14]  Aaron Weiss Trusted computing , 2006, NTWK.

[15]  Martin Pirker,et al.  A PrivacyCA for Anonymity and Trust , 2009, TRUST.

[16]  T. Alves,et al.  TrustZone : Integrated Hardware and Software Security , 2004 .

[17]  Liqun Chen,et al.  Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices , 2010, ISC.

[18]  Paul Coulton,et al.  Mobile ticketing system employing TrustZone technology , 2005, International Conference on Mobile Business (ICMB'05).