HiddenApp - Securing linux applications using ARM trustzone

Abstract

The security of an application depends not only on its design and programming, but also on the platform it runs on: the underlying Operating System and hardware. As today’s systems get more and more complex, the probability of finding vulnerabilities increases and might compromise their security. In order to protect against this scenario, the idea of hardware-assisted trusted execution has appeared: technologies such as Intel SGX and ARM TrustZone promise to solve this by introducing additional checks inside the CPUs for specific resources to be accessible only by trusted programs running in isolated contexts. Our paper proposes a method to run unmodified GNU/Linux programs inside ARM TrustZone’s secure domain, getting the trusted execution benefits while retaining accessibility of the OS’s services (like file and network I/O) by using an automated system call proxying layer. We test that sample applications doing disk/network I/O can run unmodified, having only a small, constant latency overhead.