Published in: Cluster Computing 2/2017

25.03.2017

MIPE: a practical memory integrity protection method in a trusted execution environment

Authors: Rui Chang, Liehui Jiang, Wenzhi Chen, Yang Xiang, Yuxia Cheng, Abdulhameed Alelaiwi


Abstract

With the rapid development of Internet of Things technology and the growth of embedded devices' computational performance, smart devices are likely to be exposed to security threats and attacks when connected to a rich and novel Internet. The Trusted Execution Environment (TEE), which has recently attracted much attention in the embedded-system security community, allows arbitrary code to execute in an environment completely isolated from the rest of the system. However, existing memory protection methods in a TEE are inadequate: in general, software-based formal methods are not practical, and hardware-based implementation approaches lack theoretical proof. To address the memory isolation and protection problems in a TEE, this paper proposes MIPE, a practical memory integrity protection method for an ARM-based platform, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE uses the TrustZone technique to create an isolated execution environment that protects sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using the B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of the B-method machines is about 78.32%, and that the proposed method is effective and feasible in terms of both load time and overhead.


Metadata
Title
MIPE: a practical memory integrity protection method in a trusted execution environment
Authors
Rui Chang
Liehui Jiang
Wenzhi Chen
Yang Xiang
Yuxia Cheng
Abdulhameed Alelaiwi
Publication date
25.03.2017
Publisher
Springer US
Published in
Cluster Computing / Issue 2/2017
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI
https://doi.org/10.1007/s10586-017-0833-4
