A TrustEnclave-Based Architecture for Ensuring Run-Time Security in Embedded Terminals  (Cited by: 1)


Authors: Rui Chang; Liehui Jiang; Wenzhi Chen; Yaobin Xie; Zhongyong Lu

Affiliations: [1] the State Key Laboratory of Mathematic Engineering and Advanced Computing; [2] the Department of Computer, Zhejiang University

Source: Tsinghua Science and Technology (Journal of Tsinghua University, Natural Science Edition, English Edition), 2017, Issue 5, pp. 447-457, 11 pages in total

Funding: supported by the National Natural Science Foundation of China (Nos. 61572516 and 61503213)

Abstract: The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Keywords: run-time security; trusted execution environment; hardware isolation; TrustZone

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
