As the dominant smartphone platform, Android protects the application and kernel layers with mechanisms such as application signing and the per-application UID model. Attackers can nevertheless exploit kernel vulnerabilities to compromise the Android kernel, for example to obtain root privileges or implant malicious code, with serious consequences such as leakage of user data or financial loss. To protect the code and key data running in the Linux kernel, this paper analyses common threats to the Linux kernel and designs a TEE-based Android kernel protection method that protects the kernel page tables, periodically checks the integrity of kernel code and key data, and protects kernel processes and kernel stack memory, thereby preventing process privilege escalation, kernel stack base address forgery and reuse attacks. The main contributions are as follows:

(1) A TEE-based page table protection and periodic checking method. Kernel page table operations are intercepted and their legality is checked in the TEE Secure World; the page tables themselves are kept in secure memory that is read-only to the Linux kernel, so an attacker cannot tamper with them to attack the kernel. The integrity of kernel code and key data is checked periodically in the Secure World to detect tampering.

(2) A TEE-based method for preventing process privilege escalation and protecting processes. Process credential operations are intercepted and forwarded to the TEE Secure World, which checks their legality and keeps the process credentials in secure memory, preventing privilege escalation. The identifiers and protection code of key processes, such as the periodic checker and the TEE communication process, are also stored in secure memory, and kill operations issued by the kernel are intercepted so that key processes cannot be killed.

(3) A TEE-based kernel stack protection method. Kernel stack operations are intercepted and checked for legality in the TEE Secure World, and each process identifier together with its kernel stack base address is saved in secure memory. The kernel stack memory is protected by combining the TZC-400 address space controller with a W⊕X (write XOR execute) protection mechanism.

A prototype Android kernel protection system composed of these methods is designed and implemented. Tests show that it meets the expected functional requirements and security goals, defends against kernel attacks such as malicious page table modification and process privilege elevation, and costs about 1% in performance.
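The three methods above all follow the same pattern: the kernel forwards a sensitive operation to the Secure World, which validates it against state held in secure memory and only then lets it proceed. The following user-space C model, added here as an illustration and not the paper's own code, shows that pattern for the credential, kernel-stack, kill and integrity checks of contributions (1) to (3). Everything in it is an assumption made for the example: the `sw_*` function names and result codes, the policy that a privilege gain is legal only through a setuid exec or from a task that already has euid 0, the static arrays standing in for secure memory, the FNV-1a hash standing in for a real cryptographic digest, and the sample pids and stack addresses. A real implementation would run this logic in the Secure World behind an SMC call and would hash kernel text with a cryptographic hash.

```c
/*
 * Added example (not the paper's code): a user-space model of the checks a
 * TEE Secure World could apply to requests forwarded from the Linux kernel.
 * "Secure memory" is modelled as static state that only the sw_* functions
 * write. Policy, names, sizes and sample values are all assumptions.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TASKS 32

enum sw_result {
    SW_OK = 0,
    SW_DENY_UNKNOWN_TASK,   /* pid never registered with the secure world   */
    SW_DENY_ESCALATION,     /* uid/euid would become 0 without a legal path  */
    SW_DENY_STACK_FORGED,   /* stack base differs from the registered one    */
    SW_DENY_KILL_CRITICAL,  /* target is a key process (checker, TEE client) */
    SW_ERR_REGISTER,        /* duplicate pid or table full                   */
    SW_TAMPERED             /* normal-world copy no longer matches shadow    */
};

struct sw_task {
    bool      used;
    bool      critical;    /* key process that must not be killed */
    int       pid;
    uint32_t  uid, euid;   /* shadow credentials kept in secure memory */
    uintptr_t stack_base;  /* kernel stack base registered at task creation */
};

static struct sw_task sw_tasks[MAX_TASKS];   /* modelled secure memory */
static uint64_t       sw_text_baseline;      /* sealed hash of kernel text */

static struct sw_task *sw_find(int pid)
{
    for (size_t i = 0; i < MAX_TASKS; i++)
        if (sw_tasks[i].used && sw_tasks[i].pid == pid)
            return &sw_tasks[i];
    return NULL;
}

/* Called when the kernel creates a task: record its creds and stack base. */
int sw_register_task(int pid, uint32_t uid, uint32_t euid,
                     uintptr_t stack_base, bool critical)
{
    if (sw_find(pid))
        return SW_ERR_REGISTER;          /* a live pid cannot be re-registered */
    for (size_t i = 0; i < MAX_TASKS; i++) {
        if (!sw_tasks[i].used) {
            sw_tasks[i] = (struct sw_task){ true, critical, pid, uid, euid, stack_base };
            return SW_OK;
        }
    }
    return SW_ERR_REGISTER;
}

/*
 * Intercepted credential commit. A gain of uid/euid 0 is accepted only when
 * the kernel performs it for a setuid-root exec (flagged by the caller) or the
 * task already holds euid 0 (the CAP_SETUID analogue); anything else is the
 * signature of a kernel exploit overwriting struct cred and is refused.
 */
int sw_check_cred_update(int pid, uint32_t new_uid, uint32_t new_euid,
                         bool via_setuid_exec)
{
    struct sw_task *t = sw_find(pid);
    if (!t)
        return SW_DENY_UNKNOWN_TASK;
    bool gains_root = (new_uid == 0 && t->uid != 0) || (new_euid == 0 && t->euid != 0);
    if (gains_root && t->euid != 0 && !via_setuid_exec)
        return SW_DENY_ESCALATION;
    t->uid  = new_uid;   /* accepted: the shadow copy is the only copy updated */
    t->euid = new_euid;
    return SW_OK;
}

/* Periodic check: the kernel's visible cred copy must equal the shadow. */
int sw_verify_cred(int pid, uint32_t nw_uid, uint32_t nw_euid)
{
    struct sw_task *t = sw_find(pid);
    if (!t)
        return SW_DENY_UNKNOWN_TASK;
    return (t->uid == nw_uid && t->euid == nw_euid) ? SW_OK : SW_TAMPERED;
}

/* Intercepted kernel stack switch: the base must match the registered one. */
int sw_check_stack(int pid, uintptr_t base)
{
    struct sw_task *t = sw_find(pid);
    if (!t)
        return SW_DENY_UNKNOWN_TASK;
    return t->stack_base == base ? SW_OK : SW_DENY_STACK_FORGED;
}

/* Intercepted kill: key processes (periodic checker, TEE client) survive. */
int sw_check_kill(int target_pid)
{
    struct sw_task *t = sw_find(target_pid);
    if (!t)
        return SW_DENY_UNKNOWN_TASK;
    return t->critical ? SW_DENY_KILL_CRITICAL : SW_OK;
}

/* FNV-1a stands in for a cryptographic hash purely to keep this self-contained. */
static uint64_t fnv1a(const uint8_t *p, size_t n)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

void sw_seal_text(const uint8_t *text, size_t n) { sw_text_baseline = fnv1a(text, n); }

/* Periodic kernel code / key-data integrity check against the sealed baseline. */
int sw_verify_text(const uint8_t *text, size_t n)
{
    return fnv1a(text, n) == sw_text_baseline ? SW_OK : SW_TAMPERED;
}

int main(void)
{
    uint8_t text[] = { 0xd5, 0x03, 0x20, 0xf8, 0xc0, 0x03, 0x5f, 0xd6 }; /* constructed */
    sw_seal_text(text, sizeof text);
    sw_register_task(100, 1000, 1000, 0xffff000010000000ULL, false);      /* app   */
    sw_register_task(7,   0,    0,    0xffff000020000000ULL, true);       /* checker */
    printf("exploit sets uid 0 directly : %d\n", sw_check_cred_update(100, 0, 0, false));
    printf("setuid-root exec            : %d\n", sw_check_cred_update(100, 1000, 0, true));
    printf("forged stack base           : %d\n", sw_check_stack(100, 0xffff000010001000ULL));
    printf("kill the checker            : %d\n", sw_check_kill(7));
    text[2] ^= 0xff;                                                      /* tamper */
    printf("patched kernel text         : %d\n", sw_verify_text(text, sizeof text));
    return 0;
}
```

The point of the model is the ordering: the shadow state is written only after a check passes, so a kernel exploit that writes the normal-world `struct cred` directly (the classic `commit_creds(prepare_kernel_cred(0))` outcome) is either blocked at the hook or caught by the next periodic `sw_verify_cred` comparison, and a forged stack base is rejected before the switch rather than detected afterwards.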