TrustZone技术的分析与研究  被引量：30

作　　者：郑显义[1,2,3] 李文[2,3] 孟丹[1,2,3] 

机构地区：[1]信息内容安全技术国家工程实验室,北京100093 [2]中国科学院信息工程研究所,北京100093 [3]中国科学院大学,北京100049

出　　处：《计算机学报》2016年第9期1912-1928,共17页Chinese Journal of Computers

基　　金：国家"八六三"高技术研究发展计划项目基金(2012AA01A401);国家"核高基"科技重大专项基金项目(2013ZX01029003-001)资助~~

摘　　要：互联网时代的到来给嵌入式应用系统带来了前所未有的发展机遇,但是随之而来的网络应用安全问题也使得嵌入式应用系统面临着越来越严重的威胁,安全性已经成为嵌入式系统设计中一项极为重要的需求.为此,ARM公司提出了基于TrustZone技术的一套系统级安全解决方案,该技术是在尽量不影响系统的功耗、性能和面积的前提下通过硬件来实现安全环境与普通环境的隔离,而软件提供基本的安全服务和接口,由软硬件相结合而构建系统安全,也正因为这些特点而受到国内外研究者的广泛关注.文中重点分析了TrustZone技术提供的安全隔离系统基本架构、安全机制的实现方式及如何构建可信执行环境.在此基础上将该技术与其他提高嵌入式安全的技术作了分析对比,也进一步探讨了其优势与不足之处,并针对不足之处提出了可能的解决方案.最后,深入讨论了该技术在学术领域的相关研究工作和商业应用情况,同时结合当前嵌入式应用领域存在的安全问题展望了该技术的未来发展方向和应用需求.The advent of the Internet era has brought the unprecedented development opportunities to the embedded application system, followed by the security issues of network applications which has led the embedded application system to be facing more and more serious threats. As a result, the security has become an extremely important requirement in the process of embedded system design. Therefore, ARM has proposed a set of system level security solutions based on TrustZone technology, which has implemented the isolation between the security environment and the normal environment by hardware and has also provided basic security services and interfaces by software. It has built the system security by combining hardware and software, however, it has no influence on performance, power consumption and area as far as possible. Due to those characteristic, the technology has gained wide attention of researchers from domestic and abroad. This paper has mainly analyzed the basic architecture of security isolation system provided by TrustZone technology, the way of security mechanism implement, and how to build the trusted execution environment. We have compared it with other technologies which can improve embedded system security, discussed the advantages and disadvantages of the technology in further, and proposed the possible solutions aiming at the deficiency as well. Furthermore, we have discussed the related research work in the academic field and business applications of the technology. At the end, we have prospected the future development direction and application requirement of the technology combining with the current security issues in the field of the embedded applications.

关 键 词：嵌入式系统 TrustZone技术 系统安全 ARM 系统结构 

分 类 号：TP302[自动化与计算机技术—计算机系统结构]