A TrustZone-Based Scheme for Protecting Sensitive Applications in Open Environments
Published: 2018-06-24 09:14
Topic: TrustZone + trusted execution environment; Source: 《计算机研究与发展》 (Journal of Computer Research and Development), 2017, issue 10
[Abstract]: Targeting new application scenarios such as BYOD (bring your own device) and mobile cloud computing, which demand both strong security and high openness, this paper proposes a scheme for protecting sensitive applications on mobile embedded platforms. To meet the strong-security requirement, the scheme builds a trusted execution environment on ARM TrustZone hardware isolation, so that sensitive applications remain protected even when the entire operating-system kernel is compromised. To meet the openness requirement, the scheme provides two advantages that conventional TrustZone-based schemes lack. First, the TrustZone protection domain is extended into the Normal World: the Secure World no longer hosts the sensitive applications themselves, but only a lightweight monitoring module that supervises the behavior of the Normal World kernel. The trusted computing base of the whole system therefore does not grow with the number of sensitive applications, which reduces its attack surface and the number of potential vulnerabilities. Second, the monitoring module ensures that the kernel provides secure system services to these sensitive applications, which supplies the key functionality that openness requires, such as the standard system-call interface and dynamic deployment and loading of sensitive applications. Finally, the scheme introduces a kernel active-attestation mechanism in which the kernel proactively supplies key information that helps the monitoring module verify the kernel's own behavior, which noticeably improves runtime efficiency. A prototype was implemented on a real device; the experimental results demonstrate the security of the scheme and a reasonably favorable runtime overhead.
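The abstract describes the monitoring module only at the level of what it guarantees: the Secure World mediates the Normal World kernel's security-relevant actions on behalf of sensitive applications, and the kernel volunteers the information the monitor needs to check each action. The following is an added illustrative model of that pattern, not code from the paper or its prototype. It assumes one concrete mediated operation, page-table updates, and a constructed SMC argument format (`struct pt_update`), constructed page numbers and table base addresses, and assumed function names; the "active attestation" element is modelled as the kernel naming the page table it is editing so the monitor can resolve it against its own records instead of trusting a claimed app identity.

```c
/*
 * Illustrative model of a Secure World monitor mediating Normal World
 * page-table updates. Constructed example; not the paper's implementation.
 * All names, layouts and the SMC argument format are assumptions.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define NPAGES     256   /* toy physical address space: 256 pages */
#define MAX_APPS   4     /* sensitive app ids 1..MAX_APPS; 0 is the kernel */

#define PTE_VALID  (1u << 0)
#define PTE_WRITE  (1u << 1)
#define PTE_USER   (1u << 2)

/* Monitor-private state: the Normal World can neither read nor write it. */
static uint8_t  owner[NPAGES];                   /* 0 = ordinary page, else owning app */
static uint32_t table_base_of[MAX_APPS + 1];     /* registered page-table base, 0 = none */
static uint32_t shadow_pt[MAX_APPS + 1][NPAGES]; /* mappings the monitor actually installs */

/* What the kernel hands over on each SMC: the table it is editing (by base
 * address) and the mapping it wants. The monitor checks this claim against
 * its own records rather than trusting any app id supplied by the kernel. */
struct pt_update {
    uint32_t table_base;
    uint32_t vpn;
    uint32_t pfn;
    uint32_t perms;
};

enum verdict { ALLOW = 0, DENY_RANGE, DENY_UNKNOWN_TABLE,
               DENY_KERNEL_TO_SENSITIVE, DENY_CROSS_APP };

/* Resolve a claimed table base to an app id (0 = kernel), or -1 if unknown. */
static int app_for_table(uint32_t table_base) {
    for (int i = 0; i <= MAX_APPS; i++)
        if (table_base != 0 && table_base_of[i] == table_base) return i;
    return -1;
}

bool monitor_set_kernel_table(uint32_t base) {
    if (base == 0 || table_base_of[0] != 0) return false;
    table_base_of[0] = base;
    return true;
}

/* At load time the monitor records a sensitive app's table and its pages;
 * a page may belong to at most one app. */
bool monitor_register_app(uint8_t app, uint32_t table_base,
                          const uint32_t *pfns, size_t n) {
    if (app == 0 || app > MAX_APPS || table_base == 0 ||
        table_base_of[app] != 0 || app_for_table(table_base) >= 0) return false;
    for (size_t i = 0; i < n; i++)
        if (pfns[i] >= NPAGES || owner[pfns[i]] != 0) return false;
    for (size_t i = 0; i < n; i++) owner[pfns[i]] = app;
    table_base_of[app] = table_base;
    return true;
}

/* Policy: sensitive pages may only be mapped by their owner's own table. */
enum verdict monitor_check_update(const struct pt_update *u) {
    if (u->vpn >= NPAGES || u->pfn >= NPAGES) return DENY_RANGE;
    int app = app_for_table(u->table_base);
    if (app < 0) return DENY_UNKNOWN_TABLE;
    uint8_t o = owner[u->pfn];
    if (o == 0) return ALLOW;                       /* ordinary memory */
    if (app == 0) return DENY_KERNEL_TO_SENSITIVE;  /* kernel wants an app page */
    if ((uint8_t)app != o) return DENY_CROSS_APP;   /* another app's table */
    return ALLOW;
}

/* The SMC handler: verify, then install into the monitor-owned table. */
enum verdict monitor_smc_update_pte(const struct pt_update *u) {
    enum verdict v = monitor_check_update(u);
    if (v == ALLOW)
        shadow_pt[app_for_table(u->table_base)][u->vpn] =
            (u->pfn << PAGE_SHIFT) | (u->perms & (PTE_WRITE | PTE_USER)) | PTE_VALID;
    return v;
}

uint32_t monitor_lookup(uint32_t table_base, uint32_t vpn) {
    int app = app_for_table(table_base);
    if (app < 0 || vpn >= NPAGES) return 0;
    return shadow_pt[app][vpn];
}

/* Constructed scenario; returns how many of the four requests were denied. */
int run_demo(void) {
    static const uint32_t app1_pages[] = { 10, 11 };
    static const uint32_t app2_pages[] = { 20 };
    monitor_set_kernel_table(0x1000);
    monitor_register_app(1, 0x2000, app1_pages, 2);
    monitor_register_app(2, 0x3000, app2_pages, 1);

    struct pt_update own   = { 0x2000, 5, 10, PTE_USER | PTE_WRITE }; /* app 1, own page */
    struct pt_update kern  = { 0x1000, 7, 10, PTE_WRITE };            /* kernel grabs app 1 page */
    struct pt_update cross = { 0x3000, 5, 11, PTE_USER };             /* app 2 grabs app 1 page */
    struct pt_update plain = { 0x1000, 8, 42, PTE_WRITE };            /* kernel, ordinary page */
    int denied = 0;
    denied += monitor_smc_update_pte(&own)   != ALLOW;
    denied += monitor_smc_update_pte(&kern)  != ALLOW;
    denied += monitor_smc_update_pte(&cross) != ALLOW;
    denied += monitor_smc_update_pte(&plain) != ALLOW;
    return denied;
}

int main(void) {
    printf("denied requests: %d\n", run_demo());
    return 0;
}
```

The point the model isolates is that the monitor never asks the kernel "which app are you?"; it asks for a fact it can check (the table base it registered at load time) and derives the app identity itself. A real monitor would additionally confirm that the supplied base matches the hardware translation-table register and that the Normal World cannot write the page tables directly, which this model leaves out.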
[Author affiliations]: Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences; State Key Laboratory of Computer Science (Institute of Software, Chinese Academy of Sciences)
[Funding]: National Natural Science Foundation of China (91118006, 61402455, 61602455)
[Classification code]: TP309
Article ID: 2060992
Link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2060992.html