Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Tong Sun,Borui Li,Yixiao Teng,Yi Gao,Wei Dong

DOI: https://doi.org/10.1109/ipsn61024.2024.00021

2024-01-01

Abstract:Internet of Things (IoT) applications have recently been widely used in safety-critical scenarios. To prevent sensitive information leaks, IoT device vendors provide hardware-assisted protections, called Trusted Execution Environments (TEEs), like ARM Trust-Zone. Programming a TEE-based application requires separate code for two components, significantly slowing down the development process. Existing solutions tackle this issue by automatic code partition while not successfully applying it in two complicated scenarios: adding trusted logic and interactions with secure peripherals.We propose dTEE, a declarative approach to secure IoT applications based on TrustZone. dTEE proposes a rapid approach that enables developers to declare tiered-sensitive variables and functions of existing applications. Besides, dTEE automatically transforms device drivers into trusted ones. We evaluate dTEE on four real-world IoT applications and seven micro-benchmarks. Results show that dTEE achieves high expressiveness for supporting 50% more applications than existing approaches and reduces 90% of the lines of code against handcrafted development.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

CHEN Wen-zhi,HUANG Wei,XIE Cheng,HE Qin-ming

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.02.016

2009-01-01

Abstract:Virtualization was introduced to increase the security of embedded devices while avoiding the shortcomings caused by the hardware-based approach such as poor flexibility,high complexity and high production cost of equipments.Virtualization platform SmartVP offers a secure system environment by the software-based approach.SmartVP partitions the computing resources on the ARM processor into two parallel sets,one for standard real-time operating system T-Kernel and the other for general-purpose operating system Linux.The trusted computing base of SmartVP is constructed by protecting the code and data of the software on T-Kernel,as well as by implementing the fundamental security services and interfaces.Both performance benchmark and applications show that SmartVP improves the security of embedded devices and reduces the implementing risk together with developing time and cost.

Lan Luo,Yue Zhang,Cliff C. Zou,Xinhui Shao,Zhen Ling,Xinwen Fu

DOI: https://doi.org/10.48550/arXiv.2007.05876

2020-07-12

Abstract:Internet of Things (IoT) devices have been increasingly integrated into our daily life. However, such smart devices suffer a broad attack surface. Particularly, attacks targeting the device software at runtime are challenging to defend against if IoT devices use resource-constrained microcontrollers (MCUs). TrustZone-M, a TrustZone extension for MCUs, is an emerging security technique fortifying MCU based IoT devices. This paper presents the first security analysis of potential software security issues in TrustZone-M enabled MCUs. We explore the stack-based buffer overflow (BOF) attack for code injection, return-oriented programming (ROP) attack, heap-based BOF attack, format string attack, and attacks against Non-secure Callable (NSC) functions in the context of TrustZone-M. We validate these attacks using the TrustZone-M enabled SAM L11 MCU. Strategies to mitigate these software attacks are also discussed.

Cryptography and Security

Wenhao Wang,Linke Song,Benshan Mei,Shuang Liu,Shijun Zhao,Shoumeng Yan,XiaoFeng Wang,Dan Meng,Rui Hou

2024-10-24

Abstract:Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is important to recognize that users still encounter challenges in maintaining control over the integrity of the code running within the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) raises the possibility of dynamically creating and executing any code, making user applications within TEEs vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework which leverages virtual machine privilege level (VMPL), a recent hardware feature available on AMD SEV-SNP to enable the creation of hardware enclaves within the guest VM. Similar to Intel SGX, NestedSGX considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 -- 34,000 cycles, approximately $1.9\times$ -- $2.1\times$ higher than that of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation and memory intensive workloads and below 15.68% for I/O intensive workloads.

Cryptography and Security,Hardware Architecture

WANG Zhen-yu,LIU Xin-jie,REN Jie,LIU Hai-lei,WU Jie

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.22.084

2008-01-01

Abstract:The paper discusses the key problems to build embedded trusted computing environment,such as embedded trusted boot process,the extension and driver design of TPM,embedded TSS and trusted security component.The embedded trusted boot process is able to ensure the trusted attestation among users,terminals and application by making a combination of BR,USBKey and TPM.The scheme is able to make embedded platform more secure,practical and reusable.

Yuxia Cheng,Qing Wu,Wenzhi Chen,Bei Wang

DOI: https://doi.org/10.1016/j.jpdc.2018.07.014

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats’ sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees.

Chen Dong,Yi Xu,Ximeng Liu,Fan Zhang,Guorong He,Yuzhong Chen

DOI: https://doi.org/10.3390/s20185165

IF: 3.9

2020-01-01

Sensors

Abstract:Diverse and wide-range applications of integrated circuits (ICs) and the development of Cyber Physical System (CPS), more and more third-party manufacturers are involved in the manufacturing of ICs. Unfortunately, like software, hardware can also be subjected to malicious attacks. Untrusted outsourced manufacturing tools and intellectual property (IP) cores may bring enormous risks from highly integrated. Attributed to this manufacturing model, the malicious circuits (known as Hardware Trojans, HTs) can be implanted during the most designing and manufacturing stages of the ICs, causing a change of functionality, leakage of information, even a denial of services (DoS), and so on. In this paper, a survey of HTs is presented, which shows the threatens of chips, and the state-of-the-art preventing and detecting techniques. Starting from the introduction of HT structures, the recent researches in the academic community about HTs is compiled and comprehensive classification of HTs is proposed. The state-of-the-art HT protection techniques with their advantages and disadvantages are further analyzed. Finally, the development trends in hardware security are highlighted.

Yuan Chen,Jiaqi Li,Guorui Xu,Yajin Zhou,Zhi Wang,Cong Wang,Kui Ren

2022-01-01

Abstract:Since its debut, SGX has been used to secure various types of applications. However, existing systems usually assume a trusted enclave and ignore the security issues caused by an untrusted enclave. For instance, a vulnerable (or even malicious) third-party enclave can be exploited to attack the host application and the rest of the system. In this paper, we propose an efficient mechanism to confine an untrusted enclave's behaviors. In particular, the threats of an untrusted enclave come from the enclave-host asymmetries, which can be abused to access arbitrary memory regions of its host application, jump to any code location after leaving the enclave and forge the stack register to manipulate the saved context. Our solution breaks such asymmetries and establishes mutual distrust between the host application and the enclave. Specifically, it leverages Intel MPK for efficient memory isolation and the x86 single-step debugging mechanism to capture the exiting event of the enclave. Then it performs the integrity check of the jump target and the stack pointer. We have implemented a prototype system and solved two practical challenges. The evaluation with multiple micro-benchmarks and representative real-world applications demonstrated the effectiveness and the efficiency of our system, with less than 4% performance overhead.

FENG Dengguo,LIU Jingbin,QIN Yu,FENG Wei,Wei FENG,Yu QIN,Jingbin LIU,Dengguo FENG

DOI: https://doi.org/10.1360/ssi-2020-0096

2020-08-01

Scientia Sinica Informationis

Abstract:Trusted computing is based on a hardware security mechanism establishing a trusted computing environment and comprehensively enhances the system and network trust from the architectural perspective. With the development of information technology and continuous emergence of new application scenarios, security threats in the cyberspace are becoming increasingly serious; hence, trusted computing is actively researched in both academia and industry to find solutions against such treats. This paper summarizes the development process of trusted computing theory from the perspective of innovation and development. The study centers around one of the authors research results in trusted computing over the past 20 years. It proposes a trusted computing technology architecture that covers two method foundations, three trust cores, and four key technologies. Furthermore, the paper summarizes important research problems in mobile trusted computing, quantum-resistant trusted computing, trusted Internet of Things (IoT), trusted cloud, and trusted blockchain, elaborating on the integration and development of trusted computing in these fields. In mobile trusted computing, the design and implementation of a trusted execution environment architecture with software/hardware co-design is the focus of research. Another two important research issues in mobile trusted computing are the runtime security isolation and protection of the mobile operating systems kernel and trusted execution environment-based mobile application security protection. Due to the characteristics of embedded environments and limitation of resources, the construction of lightweight trusted roots, efficient and secure software attestation, practical secure code update mechanism, and swarm device attestation are important issues for further research in trusted IoT. In new scenarios such as quantum-resistant trusted computing, trusted cloud, and trusted blockchain, trusted computing is also constantly expanding its application boundaries and playing an increasingly important role. Finally, this paper looks ahead and discusses the development trends in trusted computing.

Qi-Xian Huang,Min-Yi Chiu,Chi-Shen Yeh,Hung-Min Sun

DOI: https://doi.org/10.3390/su142013660

IF: 3.9

2022-01-01

Sustainability

Abstract:In recent years, since edge computing has become more and more popular, its security issues have become apparent and have received unprecedented attention. Thus, the current research concentrates on security not only regarding devices such as PCs, smartphones, tablets, and IoTs, but also the automobile industry. However, since attack vectors have become more sophisticated than ever, we cannot just protect the zone above the system software layer in a certain operating system, such as Linux, for example. In addition, the challenges in IoT devices, such as power consumption, performance efficiency, and authentication management, still need to be solved. Since most IoT devices are controlled remotely, the security regarding system maintenance and upgrades has become a big issue. Therefore, a mechanism that can maintain IoT devices within a trusted environment based on localhost or over-the-air (OTA) will be a viable solution. We propose a mechanism called STBEAT, integrating an open-source project with ARM TrustZone to solve the challenges of upgrading the IoT system and updating system files more safely. This paper focuses on the ARMv7 architecture and utilizes the security stack from TrustZone to OP-TEE under the STM32 board package, and finally obtains the security key from the trusted application, which is used to conduct the cryptographic operations and then install the newer image on the MMC interface. To sum up, we propose a novel software update strategy and integrated ARM TrustZone security extension to beef up the embedded ecosystem.

Amir Mohammad Naseri,Walter Lucia,Mohammad Mannan,Amr Youssef

DOI: https://doi.org/10.1109/icas49788.2021.9551155

2021-08-11

Abstract:Recently, cloud control systems have gained increasing attention from the research community as a solution to implement networked cyber-physical systems (CPSs). Such an architecture can reduce deployment and maintenance costs albeit at the expense of additional security and privacy concerns. In this paper, first, we discuss state-of-the-art security solutions for cloud control systems and their limitations. Then, we propose a novel control architecture based on Trusted Execution Environments (TEE). We show that such an approach can potentially address major security and privacy issues for cloud-hosted control systems. Finally, we present an implementation setup based on Intel Software Guard Extensions (SGX), and validate its effectiveness on a testbed system.

Yong-Qiang Lv,Qiang Zhou,Yi-Ci Cai,Gang Qu

DOI: https://doi.org/10.1007/s11390-014-1479-9

IF: 1.871

2014-01-01

Journal of Computer Science and Technology

Abstract:Hardware security has become more and more important in current information security architecture.Recently collected reports have shown that there may have been considerable hardware attacks prepared for possible military usage from all over the world.Due to the intrinsic difference from software security,hardware security has some special features and challenges.In order to guarantee hardware security,academia has proposed the concept of trusted integrated circuits,which aims at a secure circulation of IC design,manufacture and chip using.This paper reviews the main problems of trusted integrated circuits,and concludes four key domains of the trusted IC,namely the trusted IC design,trusted manufacture,trusted IP protection,and trusted chip authentication.The main challenges in those domains are also analyzed based on the current known techniques.Finally,the main limitations of the current techniques and possible future trends are discussed.

Yu Bi,X. Sharon Hu,Yier Jin,Michael Niemier,Kaveh Shamsi,Xunzhao Yin

DOI: https://doi.org/10.1145/2902961.2903041

2016-01-01

Abstract:We consider how the I-V characteristics of emerging transistors (particularly those sponsored by STARnet) might be employed to enhance hardware security. An emphasis of this work is to move beyond hardware implementations of physically unclonable functions (PUFs) and random number generators (RNGs). We highlight how new devices (i) may enable more sophisticated logic obfuscation for IP protection, (ii) could help to prevent fault injection attacks, (iii) prevent differential power analysis in lightweight cryptographic systems, etc.

Weijie Liu,Hongbo Chen,XiaoFeng Wang,Zhi Li,Danfeng Zhang,Wenhao Wang,Haixu Tang

DOI: https://doi.org/10.48550/arXiv.2109.01923

2021-09-05

Abstract:As an emerging technique for confidential computing, trusted execution environment (TEE) receives a lot of attention. To better develop, deploy, and run secure applications on a TEE platform such as Intel's SGX, both academic and industrial teams have devoted much effort to developing reliable and convenient TEE containers. In this paper, we studied the isolation strategies of 15 existing TEE containers to protect secure applications from potentially malicious operating systems (OS) or untrusted applications, using a semi-automatic approach combining a feedback-guided analyzer with manual code review. Our analysis reveals the isolation protection each of these TEE containers enforces, and their security weaknesses. We observe that none of the existing TEE containers can fulfill the goal they set, due to various pitfalls in their design and implementation. We report the lessons learnt from our study for guiding the development of more secure containers, and further discuss the trend of TEE container designs. We also release our analyzer that helps evaluate the container middleware both from the enclave and from the kernel.

Cryptography and Security

Lei Han,Jiqiang Liu,Zhen Han,Xueye Wei

DOI: https://doi.org/10.1007/s11704-011-9180-4

2011-05-14

Frontiers of Computer Science in China

Abstract:In today’s globalized digital world, network-based, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.

Xiaohan Zhang,Jinwen Wang,Yueqiang Cheng,Qi Li,Kun Sun,Yao Zheng,Ning Zhang,Xinghua Li

DOI: https://doi.org/10.1109/tnet.2023.3294019

2024-01-01

Abstract:With the accelerating adaption of Cloud and Edge computing, cloud-based networked deployment emerges to enable providers to deliver services in a cost-effective and elastic manner. However, security concern remains one of the major obstacles to its wider adaption. Trusted Execution Environment (TEE) has been advocated to protect cloud services in an isolated execution environment. In this paper, we present a new genre of side-channel attack called interface-based side-channel attack and demonstrate its effectiveness on the TEE-assisted networked service system. The root cause of this attack is the input-dependent interface invocation (e.g., interface information and invocation patterns) that can be observed by untrusted software to reveal the control flows inside the enclave. Our evaluation demonstrates that the attack can effectively re-identify encrypted web pages processed in the SGX enclave with an accuracy of 87.6% and a recall of 76.6%, and can reduce the search domain of the 1024 bits RSA private keys to $1.69 \times 10^{-6}$ of the original search domain. As countermeasures, we propose, implement and evaluate a set of static analysis tools to mitigate the newly discovered threats. The key idea is to use inter-procedural dataflow analysis to identify potential leakage via the interface, and then mitigate them during compilation using techniques including branch obfuscation, loop obfuscation, and constant size wrapper.

Ennan Zhai,Qingni Shen,Yonggang Wang,Tao Yang,Liping Ding,Sihan Qing

DOI: https://doi.org/10.1007/978-3-642-20291-9_38

2011-01-01

Abstract:Host compromise is a serious security problem for operating systems. Most previous solutions based on integrity protection models are difficult to use: on the other hand, usable integrity protection models can only provide limited protection. This paper presents SecGuard, a secure and practical integrity protection model. To ensure the security of systems. SecGuard provides provable guarantees for operating systems to defend against three categories of threats: network-based threat, IPC communication threat and contaminative file threat. To ensure practicability, SecGuard introduces several novel techniques. For example, SecGuard leverages the information of existing discretionary access control information to initialize integrity labels for subjects and objects in the system. We developed the prototype system of SecGuard based on Linux Security Modules framework (LSM), and evaluated the security and practicability of SecGuard.