TEE-BONE: Securing Smartphone Apps Using Hardware-Only Isolation Primitives
MetadataShow full item record
AbstractModern device manufacturers often rely on a combination of hardware-assisted virtualization and privileged software to isolate a security-critical trusted execution environment (TEE) from a general-purpose rich execution environment (REE). Prior EE isolation technologies have required software support due to both the complexity of their models and a lack of fully-virtualizable phones (i.e., phones in which every physical resource can be virtualized by the hardware). Unfortunately, EE isolation models such as ARM TrustZone expect the privileged software to manage a complex set of inter-EE tasks, resulting in a large threat surface for attackers wishing to bypass EE isolation.
We propose that by removing unnecessary inter-EE functionality and expanding native hardware virtualization throughout the device, we can achieve EE isolation purely via hardware-based isolation mechanisms. We present TEE-BONE, the first smartphone EE isolation technology to implement all EE isolation mechanisms and policies in the device's hardware. At phone manufacture time, the manufacturer creates a static, immutable partitioning of the virtual resources belonging to each hardware component. TEE-BONE provides no mechanisms for inter-EE communication, prohibits simultaneous execution of EEs, and requires human-hardware interaction to switch between EEs. By placing these restrictions on EE usage, TEE-BONE can eliminate complex trusted software and its associated threat surface. We argue that this approach will improve security while imposing minimal degradation of phone usability.
Citable link to this pagehttp://nrs.harvard.edu/urn-3:HUL.InstRepos:38811558
- FAS Theses and Dissertations