Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Jang, Jinsoo | ko |
| dc.contributor.author | Kang, Brent Byunghoon | ko |
| dc.date.accessioned | 2020-09-18T03:57:52Z | - |
| dc.date.available | 2020-09-18T03:57:52Z | - |
| dc.date.created | 2020-09-14 | - |
| dc.date.created | 2020-09-14 | - |
| dc.date.created | 2020-09-14 | - |
| dc.date.created | 2020-09-14 | - |
| dc.date.issued | 2018-05 | - |
| dc.identifier.citation | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v.17, no.5, pp.1000 - 1014 | - |
| dc.identifier.issn | 1545-5971 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/276065 | - |
| dc.description.abstract | ARM TrustZone provides a Trusted Execution Environment (TEE) to isolate security-critical services, which are generally invoked from the Rich Execution Environment (REE) through a communication channel established by executing the Secure Monitor Call (SMC) with the general registers configured as input parameters. Unfortunately, the communication channel has been abused by adversaries to incur misbehavior of the TEE, to analyze the internal working of the TEE, and to exploit its vulnerabilities. We therefore propose the TEE defense (TFence) framework that enables the creation of a partially privileged (par-priv) process, which benefits from the coordination of the system mode and virtualization extension. More specifically, on ARM architecture, direct invocation of hypercall and SMC is not allowed in the user process; however, we limitedly escalate the privilege of the process to enable it to directly communicate with trust anchors such as hypervisor and TrustZone. This approach enabled us to remove the kernel dependency when the process communicates with the TEE, which also reduces the attack surface to the critical part of the application involved in the communication. Besides, direct communication with the hypervisor facilitates the adoption of application-shielding approaches to protect the critical part and to restrict arbitrary access to the TEE. | - |
| dc.language | English | - |
| dc.publisher | IEEE COMPUTER SOC | - |
| dc.title | Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000562075400008 | - |
| dc.identifier.scopusid | 2-s2.0-85047599107 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 17 | - |
| dc.citation.issue | 5 | - |
| dc.citation.beginningpage | 1000 | - |
| dc.citation.endingpage | 1014 | - |
| dc.citation.publicationname | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING | - |
| dc.identifier.doi | 10.1109/TDSC.2018.2840709 | - |
| dc.contributor.localauthor | Kang, Brent Byunghoon | - |
| dc.description.isOpenAccess | N | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | Kernel | - |
| dc.subject.keywordAuthor | Communication channels | - |
| dc.subject.keywordAuthor | Security | - |
| dc.subject.keywordAuthor | Monitoring | - |
| dc.subject.keywordAuthor | Registers | - |
| dc.subject.keywordAuthor | Virtual machine monitors | - |
| dc.subject.keywordAuthor | Computer architecture | - |
| dc.subject.keywordAuthor | Mobile device security | - |
| dc.subject.keywordAuthor | trusted execution environment (TEE) | - |
| dc.subject.keywordAuthor | ARM TrustZone | - |
| dc.subject.keywordAuthor | communication channel security | - |
| dc.subject.keywordPlus | SECURE | - |
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 4 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.