Self-secured devices: high performance and secure I/O access in TrustZone-based systems

Detalhes bibliográficos
Autor(a) principal: Pinto, Sandro
Data de Publicação: 2021
Outros Autores: Machado, Pedro Miguel Silvestre, Oliveira, Daniel José Cunha, Cerdeira, David Martins, Gomes, Tiago Manuel Ribeiro
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: https://hdl.handle.net/1822/81636
Resumo: Arm TrustZone is a hardware technology that adds significant value to the ongoing security picture. TrustZone-based systems typically consolidate multiple environments into the same platform, requiring resources to be shared among them. Currently, hardware devices on TrustZone-enabled system-on-chip (SoC) solutions can only be configured as secure or non-secure, which means the dual-world concept of TrustZone is not spread to the inner logic of the devices. The traditional passthrough model dictates that both worlds cannot use the same device concurrently. Furthermore, existing shared device access methods have been proven to cause a negative impact on the overall system in terms of security and performance.This work introduces the concept of self-secured devices, a novel approach for shared device access in TrustZone-based architectures. This concept extends the TrustZone dual-world model to the device itself, providing a secure and non-secure logical interface in a single device instance. The solution was deployed and evaluated on the LTZVisor, an open-source and lightweight TrustZone-assisted hypervisor. The obtained results are encouraging, demonstrating that our solution requires only a few additional hardware resources when compared with the native device implementation, while providing a secure solution for device sharing.
id RCAP_61c530f8da5cbe81d5d6b918b93b8cfc
oai_identifier_str oai:repositorium.sdum.uminho.pt:1822/81636
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Self-secured devices: high performance and secure I/O access in TrustZone-based systemsTrustZoneSecurityVirtualizationTEESelf-secured devicesScience & TechnologyArm TrustZone is a hardware technology that adds significant value to the ongoing security picture. TrustZone-based systems typically consolidate multiple environments into the same platform, requiring resources to be shared among them. Currently, hardware devices on TrustZone-enabled system-on-chip (SoC) solutions can only be configured as secure or non-secure, which means the dual-world concept of TrustZone is not spread to the inner logic of the devices. The traditional passthrough model dictates that both worlds cannot use the same device concurrently. Furthermore, existing shared device access methods have been proven to cause a negative impact on the overall system in terms of security and performance.This work introduces the concept of self-secured devices, a novel approach for shared device access in TrustZone-based architectures. This concept extends the TrustZone dual-world model to the device itself, providing a secure and non-secure logical interface in a single device instance. The solution was deployed and evaluated on the LTZVisor, an open-source and lightweight TrustZone-assisted hypervisor. The obtained results are encouraging, demonstrating that our solution requires only a few additional hardware resources when compared with the native device implementation, while providing a secure solution for device sharing.This work has been supported by FCT -Fundação para a Ciência e a Tecnologia, Portugal within the R&D Units Project Scope: UIDB/00319/2020.ElsevierUniversidade do MinhoPinto, SandroMachado, Pedro Miguel SilvestreOliveira, Daniel José CunhaCerdeira, David MartinsGomes, Tiago Manuel Ribeiro2021-07-152021-07-15T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttps://hdl.handle.net/1822/81636eng1383-762110.1016/j.sysarc.2021.102238102238https://www.sciencedirect.com/science/article/pii/S138376212100165X?via%3Dihubinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-07-21T12:29:34Zoai:repositorium.sdum.uminho.pt:1822/81636Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T19:24:35.326575Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Self-secured devices: high performance and secure I/O access in TrustZone-based systems
title Self-secured devices: high performance and secure I/O access in TrustZone-based systems
spellingShingle Self-secured devices: high performance and secure I/O access in TrustZone-based systems
Pinto, Sandro
TrustZone
Security
Virtualization
TEE
Self-secured devices
Science & Technology
title_short Self-secured devices: high performance and secure I/O access in TrustZone-based systems
title_full Self-secured devices: high performance and secure I/O access in TrustZone-based systems
title_fullStr Self-secured devices: high performance and secure I/O access in TrustZone-based systems
title_full_unstemmed Self-secured devices: high performance and secure I/O access in TrustZone-based systems
title_sort Self-secured devices: high performance and secure I/O access in TrustZone-based systems
author Pinto, Sandro
author_facet Pinto, Sandro
Machado, Pedro Miguel Silvestre
Oliveira, Daniel José Cunha
Cerdeira, David Martins
Gomes, Tiago Manuel Ribeiro
author_role author
author2 Machado, Pedro Miguel Silvestre
Oliveira, Daniel José Cunha
Cerdeira, David Martins
Gomes, Tiago Manuel Ribeiro
author2_role author
author
author
author
dc.contributor.none.fl_str_mv Universidade do Minho
dc.contributor.author.fl_str_mv Pinto, Sandro
Machado, Pedro Miguel Silvestre
Oliveira, Daniel José Cunha
Cerdeira, David Martins
Gomes, Tiago Manuel Ribeiro
dc.subject.por.fl_str_mv TrustZone
Security
Virtualization
TEE
Self-secured devices
Science & Technology
topic TrustZone
Security
Virtualization
TEE
Self-secured devices
Science & Technology
description Arm TrustZone is a hardware technology that adds significant value to the ongoing security picture. TrustZone-based systems typically consolidate multiple environments into the same platform, requiring resources to be shared among them. Currently, hardware devices on TrustZone-enabled system-on-chip (SoC) solutions can only be configured as secure or non-secure, which means the dual-world concept of TrustZone is not spread to the inner logic of the devices. The traditional passthrough model dictates that both worlds cannot use the same device concurrently. Furthermore, existing shared device access methods have been proven to cause a negative impact on the overall system in terms of security and performance.This work introduces the concept of self-secured devices, a novel approach for shared device access in TrustZone-based architectures. This concept extends the TrustZone dual-world model to the device itself, providing a secure and non-secure logical interface in a single device instance. The solution was deployed and evaluated on the LTZVisor, an open-source and lightweight TrustZone-assisted hypervisor. The obtained results are encouraging, demonstrating that our solution requires only a few additional hardware resources when compared with the native device implementation, while providing a secure solution for device sharing.
publishDate 2021
dc.date.none.fl_str_mv 2021-07-15
2021-07-15T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://hdl.handle.net/1822/81636
url https://hdl.handle.net/1822/81636
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 1383-7621
10.1016/j.sysarc.2021.102238
102238
https://www.sciencedirect.com/science/article/pii/S138376212100165X?via%3Dihub
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Elsevier
publisher.none.fl_str_mv Elsevier
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799132726272458752