| Cloud computing, blockchain and cloud storage technologies have developed rapidly in recent years. Because of this trend, many more of users' sensitive tasks and private data are processed on cloud platforms. Providing security guarantees, such as privacy and integrity, for user-level applications is therefore a crucial problem. Hardware-based TEE technology has become an ideal choice for protecting cloud users' data because of its security isolation capabilities. Popular commercial Trusted Execution Environment (TEE) technologies include ARM TrustZone and Intel SGX. As a security extension mechanism of the x86 architecture, SGX is designed to protect user-level applications and data. In its design, an enclave is created by the corresponding application and prevents any other privileged application from accessing data in the enclave. Compared with SGX, the TrustZone mechanism on the ARM platform has some weaknesses in user-level data security protection, because the design of TrustZone adopts the client-server (CS) model. It provides only a shared secure world for all trusted applications (TAs), which means that a threat from any TA may lead to isolation failure. Because of the isolation, a TA cannot actively interact with the normal world, which results in very restricted TA functions. At the same time, TrustZone technology does not provide local and remote attestation schemes. Existing TrustZone-based solutions therefore cannot meet the strong security and openness requirements of cloud services. To solve these problems, we first analyze the characteristics of the TrustZone mechanism in detail and then propose a security design with three aspects: (1) We implement a unified call interface in the secure world with strictly inspected parameters, and forbid direct calls between TAs, to achieve fine-grained isolation between security applications. (2) We implement an outcall function that enables the secure world to obtain services provided by the normal world, and set up security interrupt monitoring and interface encryption mechanisms to secure the interaction between the TAs and the CAs. (3) We design and implement local and remote attestation, respectively, based on TrustZone, so that TAs can check the identities of other TAs and prevent attackers from stealing enclave data. Our evaluation results show that: (1) our scheme can effectively resist attacks on user code and on the interaction process between the secure world and the normal world; (2) the performance loss of the interaction between the TA and the CA is only 10%, which achieves good operating efficiency; (3) the TrustZone certification scheme designed in this paper can effectively check the safety qualifications of the TAs and devices, and has low performance loss. |