Skip to main content
SpringerLink
Log in

MIPE: a practical memory integrity protection method in a trusted execution environment

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Wang, L., Hu, S., Betis, G., et al.: A computing perspective on smart City[J]. IEEE Trans. Comput. 65(5), 1337–1338 (2016)

    Article  MathSciNet  Google Scholar 

  2. Cheng, C., Lee, J., Jiang, T., et al.: Security analysis and improvements on two homomorphic authentication schemes for network coding[J]. IEEE Trans. Inf. Forensics Secur. 11(5), 993–1002 (2016)

    Article  Google Scholar 

  3. González, J., Bonnet, P.: Towards an open framework leveraging a trusted execution environment[C]. In: The 5th International Symposium on Cyberspace Safety and Security , pp. 458-467 (2013)

  4. Gustafson, A., Schunnesson, H., Galar, D., Mkemai, R.: TPM Framework for Underground Mobile Mining Equipment. A Case Study. Springer, New York (2011)

    Google Scholar 

  5. Nerella, V.K.S.: Exploring run-time reduction in programming codes via query optimization and caching[J]. Dissertations and Theses-Gradworks (2013)

  6. Smith, S.W.: Secure Coprocessor[M]. Springer, New York (2011)

    Google Scholar 

  7. Mckeen, F., Alexandrovich, I., Berenzon, A., Rozas, C.V., Shafi, H.: Innovative instructions and software model for isolated execution. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM (2013)

  8. Kim, S., Shin, Y., Ha, J., Kim, T., Han, D.:. A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications. Acm Workshop on Hot Topics in Networks (2015)

  9. Deng, Z., Zhang, X., Xu, D.: Spider: stealthy binary program instrumentation and debugging via hardware virtualization. Computer Security Applications Conference, pp. 289–298. ACM (2013)

  10. Alves, T.: TrustZone : Integrated Hardware and Software Security. White Paper (2004)

  11. Lesjak, C., Hein, D., Winter, J.: Hardware-security technologies for industrial IoT: TrustZone and security controller[C]// Industrial Electronics Society, IECON 2015—Conference of the IEEE. IEEE (2015)

  12. Sun, H., Sun, K., Wang, Y., Jing, J., Jajodia, S.: TrustDump: Reliable Memory Acquisition on Smartphones. Lecture Notes in Computer Science, vol. 8712, pp. 202–218 (2014)

  13. Ren, W., Zeng, L., Liu, R., Cheng, C.: F2AC: a lightweight, fine-grained, and flexible access control scheme for file storage in mobile cloud computing[J]. Mob. Inf. Syst. 2016, 1–9 (2016)

  14. Ren, W.: uLeepp: an ultra-lightweight energy-efficient and privacy-protected scheme for pervasive and mobile WBSN-cloud communications[J]. Ad Hoc Sens. Wirel. Netw. 27(3), 173–195 (2015)

    Google Scholar 

  15. Kim, M., Kim, Y., Ju, H., et al.: Design and implementation of mobile trusted module for trusted mobile computing[J]. IEEE Trans. Consum. Electron. 56(1), 134–140 (2010)

    Article  Google Scholar 

  16. McKeen, F., Alexandrovich, I., Berenzon, A., Rozas, C.: Software guard extensions instructions and programming model. In: Proceedings of the 2013 HASP Workshop. Intel Corporation (2013)

  17. Alves, T., Felton, D.: Trustzone: Integrated Hardware and Software Security. ARM white paper (2004)

  18. Schuster, F., Costa, M., Fournet, C., Gkantsidis, C: VC3: trustworthy data analytics in the cloud using SGX. IEEE Secur. (2015)

  19. Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with haven[J]. ACM Trans. Comput. Syst. 33(3), 1–26 (2015)

    Article  Google Scholar 

  20. Chi, C., Tao, J., Liu, Y., et al.: Security analysis of a homomorphic signature scheme for network coding[J]. Secur. Commun. Netw. 8(18), 4053–4060 (2015)

    Article  Google Scholar 

  21. Android Rooting Method: Motochopper. http://hexamob.com/how-to-root/motochopper-method (2015)

  22. ClearSy. Atelier B 4.2.1 Free. http://www.atelierb.eu/en/2015/03/09/atelier-b-4-2-1-free-2/ (2016)

  23. Dalton, G.C., Mills, R.F., Colombi, J.M., et al.: Analyzing Attack Trees Using Generalized Stochastic Petri Nets[J], pp. 116–123. IEEE (2006)

  24. Xu, D., Nygard, K.E.: Threat-driven modeling and verification of secure software using aspect-oriented Petri nets[J]. IEEE Trans. Softw. Eng. 32(4), 265–278 (2006)

    Article  Google Scholar 

  25. Xu, D., Nygard, K.: A Threat-Driven Approach to Modeling and Verifying Secure Software[C]//20th IEEE/ACM International Conference on Automated Software Engineering (ASE 2005), pp. 342–346. Long Beach, CA, USA (2005)

  26. Wang, L., Wong, W., Xu, D.: A threat model driven approach for security testing. The 3rd International Workshop on Software Engineering for Secure Systems (2007)

  27. Hwang, D.D.: Securing embedded systems. IEEE Secur. Priv. 4, 40–49 (2006)

    Article  Google Scholar 

  28. Trusted Execution Environments Intel SGX. http://sigops.org/sosp/sosp13/ (2014)

  29. Intel SGX Emulation using QEMU. https://github.com/sslab-gatech/opensgx (2015)

  30. Nuno, S., Himanshu, R., Stefan, S., Alec, W.: Using ARM trustzone to build a trusted language runtime for mobile applications. In: Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 67–80 (2014)

  31. Ahmed MA, Peng, N., Jitesh, S., Quan, C., Rohan, B., Guruprasad, G., Jia, M., Wenbo, S.: Hypervision across worlds real-time Kernel protection from the ARM trustZone secure world. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1028–1031 (2014)

  32. Xinyang, G., Hayawardh, V., Trent, J.: Sprobes Enforcing Kernel Code Integrity on the TrustZone Architecture. Eprint Arxiv (2014)

  33. Hoekstra, M., Lal, R., Pappachan, P., Rozas, C., Phegade, V.: Using innovative instructions to create trustworthy software solutions. In: Proceedings of the 2013 HASP Workshop (2013)

  34. Dmitrienko, A., Heuser, S., Nguyen, T.: Market-Driven Code Provisioning to Mobile Secure Hardware. Springer, Berlin (2015)

    Book  Google Scholar 

Download references

Acknowledgements

Thanks to project supported by the National Natural Science Foundation of China (No. 61572516). The authors extend their appreciation to the International Scientific Partnership Program (ISPP) at King Saud University, Riyadh, Saudi Arabia for funding this work through the Project No. ISPP#0069.

Author information

Authors and Affiliations

  1. State Key Laboratory of Mathematic Engineering and Advanced Computing, Zhengzhou, China

    Rui Chang & Liehui Jiang

  2. Department of Computer, Zhejiang University, Hangzhou, China

    Wenzhi Chen

  3. Centre for Cyber Security Research, Deakin University, Burwood, VIC, Australia

    Yang Xiang

  4. School of Information Technology, Deakin University, Burwood, VIC, Australia

    Yuxia Cheng

  5. King Saud University, Riyadh, 11543, Saudi Arabia

    Abdulhameed Alelaiwi

Authors
  1. Rui Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Liehui Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wenzhi Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yang Xiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yuxia Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Abdulhameed Alelaiwi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rui Chang.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chang, R., Jiang, L., Chen, W. et al. MIPE: a practical memory integrity protection method in a trusted execution environment. Cluster Comput 20, 1075–1087 (2017). https://doi.org/10.1007/s10586-017-0833-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-017-0833-4

Keywords

Search

Navigation