RusTEE: Developing Memory-Safe ARM TrustZone Applications

In the past decade, Trusted Execution Environment (TEE) provided by ARM TrustZone is becoming one of the primary techniques for enhancing the security of mobile devices. The isolation enforced by TrustZone can protect the trusted applications running in the TEE against malicious software in the untrusted rich execution environment (REE). However, TrustZone cannot completely prevent vulnerabilities in trusted applications residing in the TEE, which can then be used to attack other trusted applications or even the trusted OS. Previously, a number of memory corruption vulnerabilities have been reported on different TAs, which are written in memory-unsafe languages like C. Recently, various memory-safe programming languages have emerged to mitigate the prevalent memory corruption bugs. In this paper, we propose RusTEE, a trusted application mechanism that leverages Rust, a newly emerged memory-safe language, to enhance the security of TAs. Though the high-level idea is quite straight-forwarding, we resolve several challenges on adopting Rust in mobile TEEs. Specifically, since Rust currently does not support any TrustZone-assisted TEE systems, we extend the existing Rust compiler for providing such support. Also, we apply comprehensive security mechanisms to resolve two security issues of trusted applications, namely, securely invoking high-privileged system services and securely communicating with untrusted REE. We implement a prototype of RusTEE as the trusted applications’ SDK, which supports both emulator and real hardware devices. The experiment shows that RusTEE can compile applications with close-to-C performance on the evaluated platforms.

[1]  Yubin Xia,et al.  vTZ: Virtualizing ARM TrustZone , 2017, USENIX Security Symposium.

[2]  Emmett Witchel,et al.  InkTag: secure applications on an untrusted operating system , 2013, ASPLOS '13.

[3]  Tao Wei,et al.  Towards Memory Safe Enclave Programming with Rust-SGX , 2019, CCS.

[4]  George C. Necula,et al.  CCured: type-safe retrofitting of legacy software , 2005, TOPL.

[5]  Alec Wolman,et al.  Using ARM trustzone to build a trusted language runtime for mobile applications , 2014, ASPLOS.

[6]  Philip Levis,et al.  Multiprogramming a 64kB Computer Safely and Efficiently , 2017, SOSP.

[7]  Philip Levis,et al.  The Case for Writing a Kernel in Rust , 2017, APSys.

[8]  Quan Chen,et al.  Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World , 2014, CCS.

[9]  David E. Culler,et al.  Ownership is theft: experiences building an embedded OS in rust , 2015, PLOS@SOSP.

[10]  Pedro Fonseca,et al.  SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[11]  Derek Dreyer,et al.  RustBelt: securing the foundations of the rust programming language , 2017, Proc. ACM Program. Lang..

[12]  Yunheung Paek,et al.  Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices , 2016, USENIX Annual Technical Conference.

[13]  Hongwei Zhang,et al.  SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security , 2016, HASP 2016.

[14]  Ning Zhang,et al.  CaSE: Cache-Assisted Secure Execution on ARM Processors , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[15]  Trent Jaeger,et al.  Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture , 2014, ArXiv.

[16]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[17]  Yunheung Paek,et al.  KI-Mon ARM: A Hardware-Assisted Event-triggered Monitoring Platform for Mutable Kernel Object , 2019, IEEE Transactions on Dependable and Secure Computing.

[18]  David M'Raïhi,et al.  HOTP: An HMAC-Based One-Time Password Algorithm , 2005, RFC.

[19]  Ning Zhang,et al.  CacheKit: Evading Memory Introspection Using Cache Incoherence , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[20]  Leonid Ryzhyk,et al.  System Programming in Rust: Beyond Safety , 2017, HotOS.

[21]  Nicholas D. Matsakis,et al.  The rust language , 2014, HILT '14.

[22]  Brent Byunghoon Kang,et al.  SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment , 2015, NDSS.

[23]  Yuewu Wang,et al.  TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[24]  Ahmad-Reza Sadeghi,et al.  SANCTUARY: ARMing TrustZone with User-space Enclaves , 2019, NDSS.

[25]  Ning Zhang,et al.  SATIN: A Secure and Trustworthy Asynchronous Introspection on Multi-Core ARM Processors , 2019, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[26]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.