HiddenApp - Securing Linux Applications Using ARM TrustZone

  • Veronica Velciu
  • Florin StancuEmail author
  • Mihai Chiroiu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


The security of an application depends not only on its design and programming, but also on the platform it runs on: the underlying Operating System and hardware. As today’s systems get more and more complex, the probability of finding vulnerabilities increases and might compromise their security. In order to protect against this scenario, the idea of hardware-assisted trusted execution has appeared: technologies such as Intel SGX and ARM TrustZone promise to solve this by introducing additional checks inside the CPUs for specific resources to be accessible only by trusted programs running in isolated contexts. Our paper proposes a method to run unmodified GNU/Linux programs inside ARM TrustZone’s secure domain, getting the trusted execution benefits while retaining accessibility of the OS’s services (like file and network I/O) by using an automated system call proxying layer. We test that sample applications doing disk/network I/O can run unmodified, having only a small, constant latency overhead.


Security Trusted execution environment ARM TrustZone SysCall Proxying Partitioning 



This work was supported by a grant of Romanian Ministry of Research and Innovation, CCCDI - UEFISCDI, project number PN-III-P1-1.2-PCCDI-2017-0272/17PCCDI-2018, within PNCDI III.

Many thanks to Lucian Mogoșanu for early help on this project.


  1. 1.
    Advanced Micro Devices: AMD Platform Security.
  2. 2.
    Checkoway, S., Shacham, H.: Iago attacks: why the system call API is a bad untrusted RPC interface, vol. 41. ACM (2013)Google Scholar
  3. 3.
    Criswell, J., Dautenhahn, N., Adve, V.: Virtual ghost: protecting applications from hostile operating systems. ACM SIGARCH Comput. Arch. News 42(1), 81–96 (2014)Google Scholar
  4. 4.
    Ekberg, J.E., Kostiainen, K., Asokan, N.: The untapped potential of trusted execution environments on mobile devices. IEEE Secur. Priv. 12(4), 29–37 (2014)CrossRefGoogle Scholar
  5. 5.
    Guan, L., et al.: Trustshadow: secure execution of unmodified applications with arm trustzone. In: Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services, pp. 488–501. ACM (2017)Google Scholar
  6. 6.
    Hendricks, J., Van Doorn, L.: Secure bootstrap is not enough: shoring up the trusted computing base. In: Proceedings of the 11th Workshop on ACM SIGOPS European Workshop, p. 11. ACM (2004)Google Scholar
  7. 7.
  8. 8.
    Holdings, A.: ARM TrustZone Security Extensions.
  9. 9.
    Intel: Intel SGX Software Guard Extensions.
  10. 10.
    Jang, J., et al.: Privatezone: providing a private execution environment using arm trustzone. IEEE Trans. Dependable Secur. Comput. 15(5), 797–810 (2018)CrossRefGoogle Scholar
  11. 11.
    Loscocco, P.A., Smalley, S.D., Muckelbauer, P.A., Taylor, R.C., Turner, S.J., Farrell, J.F.: The inevitability of failure: the flawed assumption of security in modern computing environments. In: Proceedings of the 21st National Information Systems Security Conference, vol. 10, pp. 303–314 (1998)Google Scholar
  12. 12.
    National Institute of Standards and Technology: National Vulnerability Database Statistics (2017).
  13. 13.
    Rushby, J.M.: Design and verification of secure systems, vol. 15. ACM (1981)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University POLITEHNICA of BucharestBucharestRomania

Personalised recommendations