Towards a standards-compliant pure-software trusted execution environment for resource-constrained embedded devices / Janjua, H.; Ammar, M.; Crispo, B.; Hughes, D. - (2019), pp. 1-6. (Paper presented at the 4th Workshop on System Software for Trusted Execution, SysTEX 2019, held in can in 2019) [10.1145/3342559.3365338].
Towards a standards-compliant pure-software trusted execution environment for resource-constrained embedded devices
Crispo B.
2019-01-01
Abstract
Trusted execution environments (TEEs) are becoming a requirement to protect a wide range of platforms, from cloud servers to embedded sensors. In this paper, we take a first step towards providing a pure-software Trusted Execution Environment (TEE) for resource-constrained embedded devices that lack basic hardware-based security features, such as Memory Protection Units (MPUs). Our key instrument in providing the features of TEEs is a formally verified software-based memory isolation technique called the Security MicroVisor (SµV), which serves as a programmable trusted layer and provides isolation by policing and regulating the execution of assembly-level instructions. This paper contributes the first architecture of a pure-software TEE that supports all of the features standardized by the GlobalPlatform Organization. Our implementation and evaluation results demonstrate the feasibility of implementing a standards-compliant software-based TEE for low-end embedded devices, without hardware support or modification, that has proven security against all networked attacks.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.