Demystifying Arm TrustZone

The world is undergoing an unprecedented technological transformation, evolving into a state where ubiquitous Internet-enabled “things” will be able to generate and share large amounts of security- and privacy-sensitive data. To cope with the security threats that are thus foreseeable, system designers can find in Arm TrustZone hardware technology a most valuable resource. TrustZone is a System-on-Chip and CPU system-wide security solution, available on today’s Arm application processors and present in the new generation of Arm microcontrollers, which are expected to dominate the market of smart “things.” Although this technology has remained relatively underground since its inception in 2004, over the past years numerous initiatives have significantly advanced the state of the art involving Arm TrustZone. Motivated by this revival of interest, this paper presents an in-depth study of TrustZone technology. We provide a comprehensive survey of relevant work from academia and industry, grouping existing systems into two main areas, namely Trusted Execution Environments and hardware-assisted virtualization. Furthermore, we analyze the most relevant weaknesses of existing systems and propose new research directions within the realm of the tiniest devices and the Internet of Things, which we believe have the potential to yield high-impact contributions in the future.
