Security and Communication Networks, Volume 2019, 2019-03-04
SoftME: A Software-Based Memory Protection Approach for TEE System to Resist Physical Attacks
Research Article
Meiyu Zhang (1), Qianying Zhang (1, 2), Shijun Zhao (3), Zhiping Shi (1, 4), Yong Guan (1, 5)
DOI: 10.1155/2019/8690853
Received 2018-11-29, accepted for publication 2019-02-06, published 2019-02-06
Abstract

The development of the Internet of Things has made embedded devices widely used. Embedded devices are often used to process sensitive data, making them a target for attackers. ARM TrustZone technology is used to protect embedded device data from compromised operating systems and applications, but as the value of the data stored in embedded devices increases, increasingly effective physical attacks have emerged, and TrustZone cannot resist physical attacks. We propose SoftME, an approach that utilizes the on-chip memory space to provide a trusted execution environment for sensitive applications. We protect the confidentiality and integrity of the data stored in off-chip memory. In addition, we design task scheduling for the encryption process. We implement a prototype system of our approach on a development board that supports TrustZone and evaluate the overhead of our approach. The experimental results show that our approach improves the security of the system without a significant increase in system overhead.

License

Copyright © 2019 Meiyu Zhang et al.
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Corresponding Author

Qianying Zhang, College of Information Engineering, Capital Normal University, Beijing 100048, China (cnu.edu.cn); Beijing Advanced Innovation Center for Imaging Theory and Technology, Beijing 100048, China. Email: qyzhang@cnu.edu.cn

Recommended Citation

Meiyu Zhang, Qianying Zhang, Shijun Zhao, Zhiping Shi, Yong Guan. SoftME: A Software-Based Memory Protection Approach for TEE System to Resist Physical Attacks. Security and Communication Networks, Vol. 2019 (2019).
