Security Impact of Trusted Execution Environment in Rich Execution Environment Based Systems
Security threats have been growing rapidly ever since mobile computing devices such as smartphones came into widespread use. There is therefore a need for security mechanisms that deal with such threats in actual operating system environments. The Trusted Execution Environment (TEE) is one successful approach: dedicated secure hardware is combined with its own operating system software, which runs apart from the real execution environment in order to isolate it from real-world processing. However, TEE still lacks a common design strategy, because different manufacturers implement it on their own hardware in a not very unified manner. In this paper we therefore study the design strategies of a TEE, together with its basic concepts, to analyze its security impact over a normal execution environment. As the use of mobile applications grows day by day, the design strategies discussed in this document are mostly related to, and well suited for, mobile platforms. Existing software-based security mechanisms on mobile platforms, such as the application sandbox, are discussed in a later section of the document to analyze the type and number of vulnerabilities a TEE-based system can fix compared with such strategies. The main application areas in which a TEE can be securely employed are discussed in the final section of this document to analyze the security impact that a TEE-employing system can provide to a Rich Execution Environment.
DRM, Kernel, Modular Programming, REE, Secure Payment and Authentication, TEE.