Abstract
The security of an application depends not only on its design and programming, but also on the platform it runs on: the underlying operating system and hardware. As today's systems grow more complex, the probability of finding vulnerabilities in them increases, and such vulnerabilities might compromise their security. To protect against this scenario, the idea of hardware-assisted trusted execution has appeared: technologies such as Intel SGX and ARM TrustZone promise to solve this by introducing additional checks inside the CPU so that specific resources are accessible only to trusted programs running in isolated contexts. Our paper proposes a method to run unmodified GNU/Linux programs inside ARM TrustZone's secure domain, gaining the benefits of trusted execution while retaining access to the OS's services (such as file and network I/O) through an automated system call proxying layer. We test that sample applications doing disk/network I/O can run unmodified, with only a small, constant latency overhead.
Acknowledgments
This work was supported by a grant of the Romanian Ministry of Research and Innovation, CCCDI - UEFISCDI, project number PN-III-P1-1.2-PCCDI-2017-0272/17PCCDI-2018, within PNCDI III.
Many thanks to Lucian Mogoșanu for early help on this project.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Velciu, V., Stancu, F., Chiroiu, M. (2019). HiddenApp - Securing Linux Applications Using ARM TrustZone. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science, vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_5
DOI: https://doi.org/10.1007/978-3-030-12942-2_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12941-5
Online ISBN: 978-3-030-12942-2
eBook Packages: Computer Science, Computer Science (R0)