TEE-BONE: Securing Smartphone Apps Using Hardware-Only Isolation Primitives
Abstract
Modern device manufacturers often rely on a combination of hardware-assisted virtualization and privileged software to isolate a security-critical trusted execution environment (TEE) from a general-purpose rich execution environment (REE). Prior EE isolation technologies have required software support due to both the complexity of their models and a lack of fully-virtualizable phones (i.e., phones in which every physical resource can be virtualized by the hardware). Unfortunately, EE isolation models such as ARM TrustZone expect the privileged software to manage a complex set of inter-EE tasks, resulting in a large threat surface for attackers wishing to bypass EE isolation. We propose that by removing unnecessary inter-EE functionality and expanding native hardware virtualization throughout the device, we can achieve EE isolation purely via hardware-based isolation mechanisms. We present TEE-BONE, the first smartphone EE isolation technology to implement all EE isolation mechanisms and policies in the device's hardware. At phone manufacture time, the manufacturer creates a static, immutable partitioning of the virtual resources belonging to each hardware component. TEE-BONE provides no mechanisms for inter-EE communication, prohibits simultaneous execution of EEs, and requires human-hardware interaction to switch between EEs. By placing these restrictions on EE usage, TEE-BONE eliminates the complex trusted software and the threat surface that comes with it. We argue that this approach improves security while imposing minimal degradation of phone usability.
Terms of Use
This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at http://nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of-use#LAA
Citable link to this page
http://nrs.harvard.edu/urn-3:HUL.InstRepos:38811558
Collections
- FAS Theses and Dissertations