DOI: 10.1145/2884781.2884817 (research article, ICSE conference proceedings, ACM)

Automated partitioning of android applications for trusted execution environments

Published: 14 May 2016

ABSTRACT

The co-existence of critical and non-critical applications on computing devices, such as mobile phones, is becoming commonplace. The sensitive segments of a critical application should be executed in isolation on Trusted Execution Environments (TEE) so that the associated code and data can be protected from malicious applications. TEE is supported by different technologies and platforms, such as ARM TrustZone, that allow logical separation of "secure" and "normal" worlds.

We develop an approach for automated partitioning of critical Android applications into "client" code to be run in the "normal" world and "TEE commands" encapsulating the handling of confidential data to be run in the "secure" world. We also reduce the overhead due to transitions between the two worlds by choosing appropriate granularity for the TEE commands. The advantage of our proposed solution is evidenced by efficient partitioning of real-world applications.

Published in: ICSE '16: Proceedings of the 38th International Conference on Software Engineering, May 2016, 1235 pages. ISBN: 9781450339001. DOI: 10.1145/2884781. Copyright © 2016 ACM.


Publisher: Association for Computing Machinery, New York, NY, United States


Overall acceptance rate (ICSE): 276 of 1,856 submissions (15%)
