Utilizing Hypervisor to Enhance TrustZone's Introspection Capabilities on Non-Secure World

Cited by: 3
Abstract: ARM TrustZone is widely used on Android phones. It divides the phone's hardware resources into two worlds: the non-secure world and the secure world. The Android operating system used by the user runs in the non-secure world, while TrustZone-based systems that introspect the non-secure world (e.g., KNOX, Hypervision) run in the secure world. These introspection systems are highly privileged: they can dynamically check Android kernel integrity and can manage the non-secure world's memory in place of the Android kernel. However, because TrustZone and the monitored Android system are in different worlds, the resulting world gap means that an introspection system in the secure world cannot completely introspect the non-secure world's resources (e.g., the cache). TrustZone's weak interception and memory access control capabilities further weaken its ability to introspect the non-secure world. This article first proposes an extensible framework system, HTrustZone, that uses a hypervisor to help TrustZone defeat attacks that exploit the world gap and to strengthen its interception and memory access control capabilities, thereby giving the operating system in the non-secure world stronger security protection. A prototype of HTrustZone is implemented on a Raspberry Pi2 development board, and the experimental results show that the performance overhead of HTrustZone is only about 3%.
Authors: 章张锴 (ZHANG Zhang-Kai); 李舟军 (LI Zhou-Jun); 夏春和 (XIA Chun-He); 马金鑫 (MA Jin-Xin); 崔津华 (CUI Jin-Hua) (School of Computer Science and Engineering, BeiHang University, Beijing 100191, China; China Information Technology Security Evaluation Center, Beijing 100085, China; Singapore Management University, Singapore 178895, Singapore)
Source: Journal of Software (《软件学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2018, Issue 8, pp. 2511-2526 (16 pages)
Funding: National Key Research and Development Program of China (2016QY04W0802); National High Technology Research and Development Program of China (863 Program) (2015AA016004); National Natural Science Foundation of China (61370126, 61672081, 61502536, U1636208)
Keywords: TrustZone; Hypervisor; introspection system; virtualization