Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World

  • Azab A
  • 98 Mendeley users who have this article in their library.
  • 66 citations of this article.


TrustZone-based Real-time Kernel Protection (TZ-RKP) is a novel system that provides real-time protection of the OS kernel using the ARM TrustZone secure world. TZ-RKP is more secure than current approaches that use hypervisors to host kernel protection tools. Although hypervisors provide privilege and isolation, they face fundamental security challenges due to their growing complexity and code size. TZ-RKP puts its security monitor, which represents its entire Trusted Computing Base (TCB), in the TrustZone secure world; a safe isolated environment that is dedicated to security services. Hence, the security monitor is safe from attacks that can potentially compromise the kernel, which runs in the normal world. Using the secure world for kernel protection has been crippled by the lack of control over targets that run in the normal world. TZ-RKP solves this prominent challenge using novel techniques that deprive the normal world from the ability to control certain privileged system functions. These functions are forced to route through the secure world for inspection and approval before being executed. TZ-RKP’s control of the normal world is non-bypassable. It can effectively stop attacks that aim at modifying or injecting kernel binaries. It can also stop attacks that involve modifying the system memory layout, e.g., through memory double mapping. This paper presents the implementation and evaluation of TZ-RKP, which has gone through rigorous and thorough evaluation of effectiveness and performance. It is currently deployed on the latest models of the Samsung Galaxy series smart phones and tablets, which clearly demonstrates that it is a practical real-world system.

Author-supplied keywords

  • arm trustzone
  • integrity monitoring
  • kernel protection

Author

  • Ahmed M Azab