TrustZone半虚拟化与容器化实现机制

doi:10.3969/j.issn.1671-1122.2025.10.004

摘要/Abstract

摘要：

TrustZone广泛应用于移动平台，随着ARM CPU在云服务中大量部署，利用TrustZone增强虚拟机计算环境和数据的安全性需求日益凸显。但基础的TrustZone提供的硬件可信执行环境通常仅支持主机上的应用程序使用。为解决这一问题，文章提出一种TrustZone半虚拟化与容器化实现机制pvTEE，使虚拟机或容器中的客户能够高效、并行利用主机平台的可信执行环境运行可信应用。pvTEE通过前端驱动vTEEdriver、虚拟设备vTEE、主机代理程序vTEEproxy以及后端驱动TEEdriver，将虚拟机或容器内客户的调用请求转发至可信执行环境中的可信应用执行。主机、虚拟机和容器中的客户仅可调用自身场景的可信应用，无法访问其他应用。同时，主机、虚拟机及容器各自有独立的日志获取能力与安全存储服务。pvTEE基于ARMv8.2 CPU服务器、QEMU KVM虚拟机和Docker容器实现，实验结果表明，客户在虚拟机中调用可信应用完成一次RSA加解密操作，相比在主机场景中仅增加约6%的时间开销。

关键词: TrustZone, 可信执行环境, 虚拟化, 容器化, 云服务

Abstract:

TrustZone has been widely applied in mobile platforms. With the increasing application of ARM CPU in the cloud services, the demand to enhance the security of virtual machine computing environments and data using TrustZone has become increasingly prominent. However, the hardware-based trusted execution environment (TEE) provided by the basic TrustZone typically only supports applications running on the host. To address this issue, this paper proposed implementation mechanism for TrustZone paravirtualization and containerization called pvTEE, allowing client applications within virtual machines or containers to efficiently utilize the TEE of the host platform in parallel. pvTEE forwarded invocation requests of client applications within virtual machines or containers to trusted applications within the TEE through the front-end driver vTEEdriver, virtual device vTEE, host proxy vTEEproxy, and back-end driver TEEdriver. Client application within the host, virtual machines, or containers could only invoke trusted applications in their respective scenarios and could not access other instances. Meanwhile, the host, virtual machines, and containers each had independent log collection capabilities and secured storage services. pvTEE was implemented on a server based on the ARMv8.2 CPU, as well as in QEMU KVM virtual machines and Docker containers. Performance testing indicates that invoking trusted application for one complete RSA encryption and decryption operation by client application in a virtual machine scenario only incurs approximately 6% additional overhead compared to the host scenario.

Key words: TrustZone, trusted execution environment, virtualization, containerization, cloud services

中图分类号:

TP309

余发江, 王朝州. TrustZone半虚拟化与容器化实现机制[J]. 信息网络安全, 2025, 25(10): 1523-1536.

YU Fajiang, WANG Chaozhou. Implementation Mechanism for TrustZone Paravirtualization and Containerization[J]. Netinfo Security, 2025, 25(10): 1523-1536.

图/表 14

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

图13

图14

参考文献 34

[1]	SABT M, ACHEMLAL M, BOUABDALLAH A. Trusted Execution Environment:What It is, and What It is Not[C]// IEEE. 2015 IEEE Trustcom/BigDataSE/ISPA. New York: IEEE, 2015: 57-64.
[2]	MCGILLION B, DETTENBORN T, NYMAN T, et al. Open-TEE: An Open Virtual Trusted Execution Environment[C]// IEEE. 2015 IEEE Trustcom/BigDataSE/ISPA. New York: IEEE, 2015: 400-407.
[3]	MAYRHOFER R. An Architecture for Secure Mobile Devices[J]. Security and Communication Networks, 2015, 8(10): 1958-1970. doi: 10.1002/sec.v8.10 URL
[4]	SANTOS N, RAJ H, SAROIU S, et al. Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications[C]// ACM. The 19th International Conference on Architectural Support for Programming Languages and Operating Systems. New York: ACM, 2014: 67-80.
[5]	PETTERSEN R, JOHANSEN H D, JOHANSEN D. Secure Edge Computing with ARM TrustZone[EB/OL]. (2017-01-01)[2024-08-03]. https://doi.org/10.5220/0006308601020109.
[6]	PIRKER M, SLAMANIG D. A Framework for Privacy-Preserving Mobile Payment on Security Enhanced ARM TrustZone Platforms[C]// IEEE. 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications. New York: IEEE, 2012: 1155-1160.
[7]	COOIJMANS T, DERUITER J, POLL E. Analysis of Secure Key Storage Solutions on Android[C]// ACM. The 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. New York: ACM, 2014: 11-20.
[8]	ZHANG Yingjun, ZHAO Shijun, QIN Yu, et al. TrustTokenF: A Generic Security Framework for Mobile Two-Factor Authentication Using TrustZone[C]// IEEE. 2015 IEEE Trustcom/BigDataSE/ISPA. New York: IEEE, 2015: 41-48.
[9]	JIAN Zhaolong, LU Ye, QIAO Youyang, et al. TSC-VEE: A TrustZone-Based Smart Contract Virtual Execution Environment[J]. IEEE Transactions on Parallel and Distributed Systems, 2023, 34(6): 1773-1788. doi: 10.1109/TPDS.2023.3263882 URL
[10]	LI Yuepeng, ZENG Deze, GU Lin, et al. PASTO: Enabling Secure and Efficient Task Offloading in TrustZone-Enabled Edge Clouds[J]. IEEE Transactions on Vehicular Technology, 2023, 72(6): 8234-8238. doi: 10.1109/TVT.2023.3237204 URL
[11]	SIDDIQUI T, SIDDIQUI S A, KHAN N A. Comprehensive Analysis of Container Technology[C]// IEEE. 2019 4th International Conference on Information Systems and Computer Networks (ISCON). New York: IEEE, 2019: 218-223.
[12]	BRADY K, MOON S, NGUYEN T, et al. Docker Container Security in Cloud Computing[C]// IEEE. 2020 10th Annual Computing and Communication Workshop and Conference (CCWC). New York: IEEE, 2020: 975-980.
[13]	MATHER T, KUMARASWAMY S, LATIF S. Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance[M]. Sebastopol: O’Reilly Media, Inc., 2009.
[14]	RISTENPART T, TROMER E, SHACHAM H, et al. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds[C]// ACM. The 16th ACM Conference on Computer and Communications Security. New York: ACM, 2009: 199-212.
[15]	ZHAO Shixuan, LI Mengyuan, ZHANG Y Q, et al. vSGX: Virtualizing SGX Enclaves on AMD SEV[C]// IEEE. 2022 IEEE Symposium on Security and Privacy (SP). New York: IEEE, 2022: 321-336.
[16]	NGABONZIZA B, MARTIN D, BAILEY A, et al. TrustZone Explained: Architectural Features and Use Cases[C]// IEEE. 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC). New York: IEEE, 2016: 445-451.
[17]	DEMIGHA O, LARGUET R. Hardware-Based Solutions for Trusted Cloud Computing[EB/OL]. (2021-04-01)[2024-08-03]. https://www.sciencedirect.com/science/article/pii/S0167404820303904.
[18]	GUAN Le, LIU Peng, XING Xinyu, et al. TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone[C]// ACM. The 15th Annual International Conference on Mobile Systems, Applications, and Services. New York: ACM, 2017: 488-501.
[19]	BRITO T, DUARTE N O, SANTOS N. ARM TrustZone for Secure Image Processing on the Cloud[C]// IEEE. 2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW). New York: IEEE, 2016: 37-42.
[20]	HUA Zhichao, GU Jinyu, XIA Yubin, et al. vTZ: Virtualizing ARM TrustZone[C]// USENIX. The 26th USENIX Security Symposium (USENIX Security 17). Berkeley: USENIX, 2017: 541-556.
[21]	HUA Zhichao, YU Yang, GU Jinyu, et al. TZ-Container: Protecting Container from Untrusted OS with ARM TrustZone[EB/OL]. (2021-08-19)[2024-08-03]. https://link.springer.com/article/10.1007/s11432-019-2707-6.
[22]	LI Dingji, MI Zeyu, XIA Yubin, et al. TwinVisor: Hardware-Isolated Confidential Virtual Machines for ARM[C]// ACM. The ACM SIGOPS 28th Symposium on Operating Systems Principles. New York: ACM, 2021: 638-654.
[23]	SUN He, SUN Kun, WANG Yuewu, et al. TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices[C]// IEEE. 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. New York: IEEE, 2015: 367-378.
[24]	LI Wenhao, XIA Yubin, LU Long, et al. TEEv: Virtualizing Trusted Execution Environments on Mobile Platforms[C]// ACM. The 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. New York: ACM, 2019: 2-16.
[25]	KWON D, SEO J, CHO Y, et al. PrOS: Light-Weight Privatized Secure OSes in ARM TrustZone[J]. IEEE Transactions on Mobile Computing, 2020, 19(6): 1434-1447. doi: 10.1109/TMC.7755 URL
[26]	ALVES T. TrustZone: Integrated Hardware and Software Security[J]. Information Quarterly, 2004(3): 18-24.
[27]	ZHU Qinyu, CHEN Quan, LIU Yichen, et al. Investigating TrustZone: A Comprehensive Analysis[EB/OL]. (2023-04-14)[2024-08-03]. https://onlinelibrary.wiley.com/doi/10.1155/2023/7369634.
[28]	BELLARD F. QEMU, a Fast and Portable Dynamic Translator[C]// USENIX. The Annual Conference on USENIX Annual Technical Conference (ATEC’05). Berkeley: USENIX, 2005: 41-46.
[29]	RUSSELL R. Virtio: Towards a De-Facto Standard for Virtual I/O Devices[J]. ACM SIGOPS Operating Systems Review, 2008, 42(5): 95-103.
[30]	GOLDENBERG D, KAGAN M, RAVID R, et al. Zero Copy Sockets Direct Protocol Over Infiniband-Preliminary Implementation and Performance Analysis[C]// IEEE. The 13th Symposium on High Performance Interconnects (HOTI’05). New York: IEEE, 2005: 128-137.
[31]	ZHANG Ning, SUN Kun, SHANDS D, et al. TruSense: Information Leakage from TrustZone[C]// IEEE. IEEE INFOCOM 2018-IEEE Conference on Computer Communications. New York: IEEE, 2018: 1097-1105.
[32]	KOU Zili, SINHA S, HE Wenjian, et al. Cache Side-Channel Attacks and Defenses of the Sliding Window Algorithm in TEEs[C]// IEEE. 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE). New York: IEEE, 2023: 1-6.
[33]	LI Xupeng, LI Xuheng, DALL C, et al. Design and Verification of the ARM Confidential Compute Architecture[C]// USENIX. The 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI’22). Berkeley: USENIX, 2022: 465-484.
[34]	FOX A C J, STOCKWELL G, XIONG Shale, et al. A Verification Methodology for the ARM® Confidential Computing Architecture: from a Secure Specification to Safe Implementations[J]. The ACM on Programming Languages, 2023, 7: 376-405.