ABSTRACT
The co-existence of critical and non-critical applications on computing devices, such as mobile phones, is becoming commonplace. The sensitive segments of a critical application should be executed in isolation in a Trusted Execution Environment (TEE) so that the associated code and data can be protected from malicious applications. TEEs are supported by different technologies and platforms, such as ARM TrustZone, that allow logical separation of "secure" and "normal" worlds.
We develop an approach for automated partitioning of critical Android applications into "client" code to be run in the "normal" world and "TEE commands" encapsulating the handling of confidential data to be run in the "secure" world. We also reduce the overhead due to transitions between the two worlds by choosing an appropriate granularity for the TEE commands. The advantage of our proposed solution is evidenced by efficient partitioning of real-world applications.
- Automated partitioning of android applications for trusted execution environments