基于TrustZone的可信执行环境构建技术研究

doi:10.3969/j.issn.1671-1122.2016.03.004

信息网络安全 ›› 2016, Vol. 16 ›› Issue (3): 21-27.doi: 10.3969/j.issn.1671-1122.2016.03.004

基于TrustZone的可信执行环境构建技术研究

范冠男, 董攀()

国防科学技术大学计算机学院,湖南长沙 410073

收稿日期:2016-01-04 出版日期:2016-03-25 发布日期:2020-05-13
作者简介:
作者简介: 范冠男(1992--), 男,河北,硕士研究生,主要研究方向为操作系统与信息安全;董攀(1978--),男,河南,副研究员,博士,主要研究方向为操作系统与信息安全.
基金资助:
国家自然科学基金[61572514,61502510]

Research on Trusted Execution Environment Building Technology Based on TrustZone

Guannan FAN, Pan DONG()

School of Computer, National University of Defense Technology, Changsha Hunan 410073, China

Received:2016-01-04 Online:2016-03-25 Published:2020-05-13

摘要/Abstract

摘要：

可信执行环境(TEE)作为一种通过隔离的方法保护数据和程序的技术,与传统安全技术相比,能够主动防御来自外部的安全威胁,更有效地保障自身安全.随着内置TrustZone技术的ARM处理器的广泛应用,可信执行环境开发受到重视.目前已经出现了很多基于TrustZone的开源项目,但因缺乏相应标准等原因给应用开发带来了障碍.文章以Open-TEE为例,深入研究了可信执行环境的整体结构,分析了软件层的组件构成和运行流程,提出了可信应用的开发方法.通过实验,比较分析了几种可信执行环境在部署难易度,开发难易度,内存占用等方面的性能.文章提出的可信执行环境构建方法具有良好的软件结构,易于开发.

关键词: TrustZone, 可信执行环境, Open-TEE, ARM

Abstract:

As a technique for protecting data and programs, compared with the traditional security technology, the trusted execution environment (TEE) can actively prevent threats from outside and ensure the safety of host more effectively by means of hardware aided isolation. With the extensive application of the ARM processor with the built-in TrustZone, trusted execution environment development has been paid increasing attentions. At present, there have been many open source TEE projects based on TrustZone, but their applications still face with problems because of the lack of corresponding standards. Taking Open-TEE as an example, this paper deeply studies the overall structure of TEE, analyzes the architecture of software layer and operational process, and proposes the development method of trusted application. The performances of deployment, development and memory footprint of some TEEs are compared through experiments. The development method of TEE proposed in this paper has good software architecture and is easy to be developed.

Key words: TrustZone, trusted execution environment, Open-TEE, ARM

中图分类号:

TP309

范冠男, 董攀. 基于TrustZone的可信执行环境构建技术研究[J]. 信息网络安全, 2016, 16(3): 21-27.

Guannan FAN, Pan DONG. Research on Trusted Execution Environment Building Technology Based on TrustZone[J]. Netinfo Security, 2016, 16(3): 21-27.

图/表 7

图1

图2

图3

图4

图5

表1

表2

参考文献 17

[1]	GlobalPlatform.
[2]	EKBERG J E. Securing Software Architectures for Trusted Processor Environments [EB/OL]. .
[3]	GlobalPlatform. Home Page [EB/OL]. .
[4]	Intel. SEP Driver[EB/OL]. ,2015-6-12.
[5]	Apple. iOS Security[EB/OL].,2015-12-1.
[6]	AZEMA J, FAYAD G. Shield Mobile Security Technology [EB/OL]. .
[7]	MCKEEB F,ALEXANDROVICH L,BERENZON A, et al. Innovative Instructions and Software Model for Isolated Execution [EB/OL]. .
[8]	马威,韩臻,成阳. 可信云计算中的多级管理机制研究[J]. 信息网络安全,2015(7):20-25.
[9]	ARM. ARM Security Technology-Building a Secure System Using TrustZone Technology[EB/OL]. .
[10]	ARM.TrustZone [EB/OL]. .
[11]	黄强,张德华,汪伦伟.可信计算硬件设备虚拟化关键保障机制研究[J]. 信息网络安全,2015(9):70-73.
[12]	ARM. ARM Security Technology Building a Secure System Using TrustZone Technology [EB/OL]. .
[13]	李海威,范博,李文锋. 一种可信虚拟平台构建方法的研究和改进[J]. 信息网络安全,2015(1):1-5.
[14]	Linaro. OP-TEE[EB/OL]. ,2015-12-1.
[15]	MCGILLION B, DETTENBORN T, NYMAN T, et al. Open-TEE--An Open Virtual Trusted Execution Environment[C]// IEEE.Trustcom/BigDataSE/ISPA, 2015, August 20-22, 2015, Helsinki, Finland. New York:IEEE,2015(1): 400-407.
[16]	TrustKernel. T6[EB/OL].2015-8-23.
[17]	Android Open Source Project. Managing Your App's Memory[EB/OL]. .

基于TrustZone的可信执行环境构建技术研究

Research on Trusted Execution Environment Building Technology Based on TrustZone

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 17

相关文章 5

编辑推荐

Metrics

本文评价

[1]	刘志娟, 高隽, 丁启枫, 王跃武. 移动终端TEE技术进展研究[J]. 信息网络安全, 2018, 18(2): 84-91.
[2]	袁峰;赵杰;陈靖;乐德广. 基于ARM的防火墙系统设计与实现[J]. , 2013, 13(6): 0-0.
[3]	张帆;石辰杰;卢秀卿;徐卓. 基于HIP的网络防火墙系统设计与实现[J]. , 2012, 12(1): 0-0.
[4]	邓志龙. 基于ARM+Linux的高速数据采集系统[J]. , 2011, 11(6): 0-0.
[5]	杨尹;韩伟红;程文聪. 基于时序分析的木马规模预测技术[J]. , 2009, 9(10): 0-0.