Publication Type

Journal Article

Version

publishedVersion

Publication Date

1-2018

Abstract

Widely used on the Android phones, the technology of ARM TrustZone divides the hardware resources of Android phones into two worlds:non-secure world and secure world. The Android operating system used by user is running in the non-secure world, while the non-secure world's introspection systems (e.g., KNOX, Hypervisor) that are based on TrustZone are running in the secure world. These introspection systems have the high privilege. They can dynamically check Android kernel integrity and perform memory management of non-secure world instead of Android kernel. But TrustZonecan can not completely introspect the hardware resources (e.g., Cache) of non-secure world because of the world gap (introspection systems and Android system are in the different worlds). TrustZone's inferior interception capabilities and memory access control capabilities make its introspection capabilities weaker. This article first proposes an extendable frame system HTrustZone that utilizes Hypervisor to extend TrustZone's introspection capabilities to defeat world gap attacks and strengthen interception capabilities and memory access control capabilities. HTrustZone can help TrustZone make great progress on system introspection and give more security protection to the operating system in non-secure world. HTrustZone system is implemented on Raspberry Pi2 development board and the experiment results show that the overhead of HTrustZone is about 3%.

Discipline

Software Engineering

Publication

Journal of Software

Volume

29

Issue

8

First Page

2511

Last Page

2526

ISSN

1796-217X

Identifier

10.13328/j.cnki.jos.005492

Publisher

Academy Publisher

Comments

Cited by: 2

Additional URL

https://doi.org/10.13328/j.cnki.jos.005492

Download

Share

COinS