HiddenApp - Securing Linux Applications Using ARM TrustZone
The security of an application depends not only on its design and programming, but also on the platform it runs on: the underlying operating system and hardware. As today's systems grow more complex, the probability of finding vulnerabilities in them increases, and these vulnerabilities might compromise their security. To protect against this scenario, the idea of hardware-assisted trusted execution has appeared: technologies such as Intel SGX and ARM TrustZone promise to solve this by introducing additional checks inside the CPUs so that specific resources are accessible only to trusted programs running in isolated contexts. Our paper proposes a method to run unmodified GNU/Linux programs inside ARM TrustZone's secure domain, gaining the benefits of trusted execution while retaining access to the OS's services (such as file and network I/O) through an automated system call proxying layer. We test that sample applications doing disk/network I/O can run unmodified, with only a small, constant latency overhead.
Keywords: Security, Trusted execution environment, ARM TrustZone, SysCall Proxying, Partitioning
This work was supported by a grant of Romanian Ministry of Research and Innovation, CCCDI - UEFISCDI, project number PN-III-P1-1.2-PCCDI-2017-0272/17PCCDI-2018, within PNCDI III.
Many thanks to Lucian Mogoșanu for early help on this project.