research-article

Towards a standards-compliant pure-software trusted execution environment for resource-constrained embedded devices

Authors:

Hassaan Janjua,

Danny HughesAuthors Info & Claims

SysTEX '19: Proceedings of the 4th Workshop on System Software for Trusted Execution

Article No.: 6, Pages 1 - 6

https://doi.org/10.1145/3342559.3365338

Published: 27 October 2019 Publication History

Abstract

Trusted execution environments (TEEs) are becoming a requirement to protect a wide range of platforms, from cloud servers to embedded sensors. In this paper, we take a first step towards providing a pure-software Trusted Execution Environment (TEE) for resource-constrained embedded devices that lack basic hardware-based security features, such as Memory Protection Units (MPUs). Our key instrument in providing the features of TEEs is a formally-verified software-based memory isolation technique called the Security MicroVisor (SμV), that serves as a programmable trusted layer, which provides isolation by policing and regulating the execution of assembly-level instructions. This paper contributes the first architecture of a pure software TEE that supports all of the features that have been standardized by the GlobalPlatform Organization. Our implementation and evaluation results demonstrate the feasibility of implementing a standards-compliant software-based TEE for low-end embedded devices without hardware support or modification that has proven security against all networked attacks.

References

[1]

Tigist Abera, N. Asokan, Lucas Davi, Farinaz Koushanfar, Andrew Paverd, Ahmad-Reza Sadeghi, and Gene Tsudik. 2016. Invited - Things, Trouble, Trust: On Building Trust in IoT Systems. In Proceedings of the 53rd Annual Design Automation Conference (DAC '16). ACM, New York, NY, USA, Article 121, 6 pages.

Digital Library

[2]

Nurul Amirah Ali, Micheal Drieberg, and Patrick Sebastian. 2011. Deployment of MICAz mote for wireless sensor network applications. In Computer Applications and Industrial Electronics (ICCAIE), 2011 IEEE International Conference on. IEEE, IEEE, Penang, Malaysia, 303--308.

[3]

M. Ammar, B. Crispo, B. Jacobs, D. Hughes, and W. Daniels. 2019. SμV---The Security MicroVisor: A Formally-Verified Software-Based Security Architecture for the Internet of Things. IEEE Transactions on Dependable and Secure Computing 16, 5 (Sep. 2019), 885--901.

[4]

ARM Limited. 2008. Security technology: building a secure system using Trust-Zone technology. http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf. [Online; accessed 15-July-2019].

[5]

Atmel. 2009. AVR ATmega 1284p 8-bit microcontroller. htttp://ww1.microchip.com/downloads/en/DeviceDoc/doc8059.pdf. [Online; accessed 30-July-2019].

[6]

C Bormann, Mehmet Ersue, and Ari Keranen. 2014. RFC 7228: Terminology for Constrained-Node Networks. IETF Request For Comments (2014).

[7]

Ferdinand Brasser, Brahim El Mahjoub, Ahmad-Reza Sadeghi, Christian Wachsmann, and Patrick Koeberl. 2015. TyTAN: tiny trust anchor for tiny devices. In 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC). IEEE, 1--6.

Digital Library

[8]

Ferdinand Brasser, David Gens, Patrick Jauernig, Ahmad-Reza Sadeghi, and Emmanuel Stapf. 2019. SANCTUARY: ARMing TrustZone with User-space Enclaves. In NDSS.

[9]

Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal hardware extensions for strong software isolation. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 857--874.

[10]

Wilfried Daniels, Danny Hughes, Mahmoud Ammar, Bruno Crispo, Nelson Matthys, and Wouter Joosen. 2017. S μ V-the security microvisor: a virtualisation-based security middleware for the internet of things. In Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference: Industrial Track. ACM, 36--42.

Digital Library

[11]

Karim Eldefrawy, Norrathep Rattanavipanon, and Gene Tsudik. 2017. HYDRA: hybrid design for remote attestation (using a formally verified microkernel). In Proceedings of the 10th ACM Conference on Security and Privacy in wireless and Mobile Networks. ACM, 99--110.

Digital Library

[12]

Karim Eldefrawy, Gene Tsudik, Aurélien Francillon, and Daniele Perito. 2012. SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust. In 19th NDSS Symposium. The Internet Society.

[13]

Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, and Bryan Parno. 2017. Komodo: Using Verification to Disentangle Secure-enclave Hardware from Software. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP '17). ACM, New York, NY, USA, 287--305.

Digital Library

[14]

Intel. 2014. Intel Software Guard Extensions Programming Reference. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf. [Online; accessed 15-July-2019].

[15]

Hassaan Janjua, Wouter Joosen, Sam Michiels, and Danny Hughes. 2018. Trusted Operations on Sensor Data. Sensors 18, 5 (2018), 1364.

[16]

ISO Jtc. 2011. SC22/WG14. ISO/IEC 9899: 2011. Information technology---Programming languages---C. http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm (2011).

[17]

David Kaplan, Jeremy Powell, and Tom Woller. 2016. AMD memory encryption. White paper (2016).

[18]

Patrick Koeberl, Steffen Schulz, Ahmad-Reza Sadeghi, and Vijay Varadharajan. 2014. TrustLite: A Security Architecture for Tiny Embedded Devices. In Proceedings of the 9th European Conference on Computer Systems. ACM, New York, NY, USA, 14.

Digital Library

[19]

Nelson Matthys, Fan Yang, Wilfried Daniels, Wouter Joosen, and Danny Hughes. 2016. Demonstration of micropnp: the zero-configuration wireless sensing and actuation platform. In Sensing, Communication, and Networking (SECON). IEEE.

[20]

B. McGillion, T. Dettenborn, T. Nyman, and N. Asokan. 2015. Open-TEE - An Open Virtual Trusted Execution Environment. In 2015 IEEE Trustcom/Big-DataSE/ISPA, Vol. 1. 400--407.

Digital Library

[21]

Job Noorman, Pieter Agten, Wilfried Daniels, Raoul Strackx, Anthony Van Herrewege, Christophe Huygens, Bart Preneel, Ingrid Verbauwhede, and Frank Piessens. 2013. Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In Presented as part of the 22nd {USENIX} Security Symposium ({USENIX} Security 13). 479--498.

[22]

Ivan De Oliveira Nunes, Karim Eldefrawy, Norrathep Rattanavipanon, Michael Steiner, and Gene Tsudik. 2019. VRASED: A Verified Hardware/Software Co-Design for Remote Attestation. In 28th {USENIX} Security Symposium ({USENIX} Security 19). 1429--1446.

[23]

Global Platform. 2010. TEE Client API Specification v1.0. https://globalplatform.org/specs-library/tee-client-api-specification/

[24]

Global Platform. 2018. Introduction to Trusted Execution Environments. https://globalplatform.org/wp-content/uploads/2018/05/Introduction-to-Trusted-Execution-Environment-15May2018.pdf

[25]

Global Platform. 2018. TEE Internal Core API Specification. https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf

[26]

Seog Chung Seo and Hwajeong Seo. 2018. Highly Efficient Implementation of NIST-Compliant Koblitz Curve for 8-bit AVR-Based Sensor Nodes. IEEE Access 6 (2018), 67637--67652.

[27]

Joseph Yiu. 2015. ARMv8-M architecture technical overview. ARM WHITE PAPER (2015).

[28]

Lu Zhou, Chunhua Su, Zhi Hu, Sokjoon Lee, and Hwajeong Seo. 2019. Lightweight implementations of NISTP-256 and SM2 ECC on 8-bit resource-constraint embedded device. ACM Transactions on Embedded Computing Systems (TECS) 18, 3 (2019), 23.

Digital Library

[29]

Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, and Benjamin Beurdouche. 2017. HACL^*: A verified modern cryptographic library. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1789--1806.

Digital Library

Cited By

Van Eyck TTrimech HMichiels SHughes DSalehi MJanjuaa HTa T(2023)Mr-TEEProceedings of the 24th International Middleware Conference: Industrial Track10.1145/3626562.3626831(22-28)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1145/3626562.3626831
Oliveira DGomes TPinto S(2022)uTango: An Open-Source TEE for IoT DevicesIEEE Access10.1109/ACCESS.2022.315278110(23913-23930)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3152781
Ammar MCrispo B(2020)Verify&Revive: Secure Detection and Recovery of Compromised Low-end Embedded DevicesProceedings of the 36th Annual Computer Security Applications Conference10.1145/3427228.3427253(717-732)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1145/3427228.3427253

Index Terms

Towards a standards-compliant pure-software trusted execution environment for resource-constrained embedded devices
1. Security and privacy
  1. Formal methods and theory of security
    1. Trust frameworks

Recommendations

Towards Integrating Trusted Execution Environment into Embedded Autonomic Systems
ICAC '15: Proceedings of the 2015 IEEE International Conference on Autonomic Computing

Nowadays, there is a trend to integrate trusted computing concepts into autonomic systems. In this context, the Trusted Execution Environment (TEE) was designed to enrich the previously defined trusted platforms. TEE is commonly known as an isolated ...
Trusted Execution Environment: What It is, and What It is Not
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01

Nowadays, there is a trend to design complex, yet secure systems. In this context, the Trusted Execution Environment (TEE) was designed to enrich the previously defined trusted platforms. TEE is commonly known as an isolated processing environment in ...
Trusted Execution Environment: What It is, and What It is Not
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01

Nowadays, there is a trend to design complex, yet secure systems. In this context, the Trusted Execution Environment (TEE) was designed to enrich the previously defined trusted platforms. TEE is commonly known as an isolated processing environment in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

SysTEX '19: Proceedings of the 4th Workshop on System Software for Trusted Execution

October 2019

42 pages

ISBN:9781450368889

DOI:10.1145/3342559

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 October 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Research Fund KU Leuven

Conference

SOSP '19

SOSP '19: ACM SIGOPS 27th Symposium on Operating Systems Principles

October 27, 2019

Ontario, Huntsville, Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
278
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)2

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Van Eyck TTrimech HMichiels SHughes DSalehi MJanjuaa HTa T(2023)Mr-TEEProceedings of the 24th International Middleware Conference: Industrial Track10.1145/3626562.3626831(22-28)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1145/3626562.3626831
Oliveira DGomes TPinto S(2022)uTango: An Open-Source TEE for IoT DevicesIEEE Access10.1109/ACCESS.2022.315278110(23913-23930)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3152781
Ammar MCrispo B(2020)Verify&Revive: Secure Detection and Recovery of Compromised Low-end Embedded DevicesProceedings of the 36th Annual Computer Security Applications Conference10.1145/3427228.3427253(717-732)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1145/3427228.3427253

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents