poster

Public Access

POSTER: DroidShield: Protecting User Applications from Normal World Access

Authors:

Darius Suciu,

Radu SionAuthors Info & Claims

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 1760 - 1762

https://doi.org/10.1145/2976749.2989052

Published: 24 October 2016 Publication History

PDF eReader

Abstract

Smartphones are becoming the main data sharing and storage devices in both our personal and professional lives, as companies now allow employees to share the same device for both purposes, provided the company's confidential information can be protected. However, as history has shown, systems relying on security policies or rules to protect user data are not airtight. Any flaw in the constructed rules or in the code of privileged applications can lead to complete compromise. In addition, we can not rely only on TrustZone[6] world separation to isolate confidential data from unauthorized access, because in addition to severe limitations in terms of both communication and memory space, there is a very low limit on the number of applications that can be installed in the secure world before we can start questioning its security, especially when considering code originating from multiple sources. Thus, the solutions currently available for TrustZone devices are not perfect and the data confidentiality can not be guaranteed. We propose an alternative approach, which involves providing the majority of secure world application advantages to a set of normal world applications, with almost none of the drawbacks by relying only on the TrustZone world separation and the TZ-RKP[2] kernel protection scheme.

References

[1]

ARM. Bulding a secure system using trustzone technology. ARM Technical White Paper, 2009.

Google Scholar

[2]

A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen. Hypervision across worlds: Real-time kernel protection from the arm trustzone secure world. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 90--102, 2014.

Digital Library

Google Scholar

[3]

CVE-2016--2431. Online at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016--2431.

Google Scholar

[4]

M. Gulati, M. J. Smith, and S.-Y. Yu. Security enclave processor for a system on a chip. U.S Patent No. 8,832,465, September 2014.

Google Scholar

[5]

U. Kanonov and A. Wool. Secure containers in android: the samsung knox case study. arXiv preprint arXiv:1605.08567, 2016.

Google Scholar

[6]

SAMSUNG. Whitepaper: An overview of the samsung knox platform. November 2015.

Google Scholar

[7]

S. Smalley and R. Craig. Security enhanced (se) android: Bringing flexible mac to android. NDSS, 310:20--38, 2013.

Google Scholar

[8]

J. J. Soo, S. Kong, M. Kim, D. Kim, and B. B. Kang. Secret: Secure channel between rich execution environment and trusted execution environment. NDSS, February 2015.

Google Scholar

Cited By

View all

Zeng FZhang ZChang RYu CZhang ZZhao Y(2023)Lark: Verified Cross-Domain Access Control for Trusted Execution Environments2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE59848.2023.00031(160-171)Online publication date: 9-Oct-2023
https://doi.org/10.1109/ISSRE59848.2023.00031
Miao XZeng FChang RYu CZhang ZJiang LZhao Y(2022)Is your access allowed or not? A Verified Tag-based Access Control Framework for the Multi-domain TEEProceedings of the 13th Asia-Pacific Symposium on Internetware10.1145/3545258.3545281(252-261)Online publication date: 11-Jun-2022
https://dl.acm.org/doi/10.1145/3545258.3545281

Index Terms

POSTER: DroidShield: Protecting User Applications from Normal World Access
1. Security and privacy

Recommendations

Securing a communication channel for the trusted execution environment
Abstract
As a security extension to processor, ARM TrustZone has been widely adopted for various mobile and IoT devices. The protection is conducted by separating the system into two domains: the rich execution environment (REE) and the trusted ...
Regulating ARM TrustZone Devices in Restricted Spaces
MobiSys '16: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services

Smart personal devices equipped with a wide range of sensors and peripherals can potentially be misused in various environments. They can be used to exfiltrate sensitive information from enterprises and federal offices or be used to smuggle unauthorized ...
Light-SPD: a platform to prototype secure mobile applications
PAMCO '16: Proceedings of the 1st ACM Workshop on Privacy-Aware Mobile Computing

Securely storing sensitive personal data is critical for protecting privacy. Currently, many persons use smartphones to store their private data. However, smartphones suffer from many security issues. To overcome this situation, the PCAS project is ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

1924 pages

ISBN:9781450341394

DOI:10.1145/2976749

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

National Science Foundation

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24 - 28, 2016

Vienna, Austria

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
494
Total Downloads

Downloads (Last 12 months)49
Downloads (Last 6 weeks)12

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zeng FZhang ZChang RYu CZhang ZZhao Y(2023)Lark: Verified Cross-Domain Access Control for Trusted Execution Environments2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE59848.2023.00031(160-171)Online publication date: 9-Oct-2023
https://doi.org/10.1109/ISSRE59848.2023.00031
Miao XZeng FChang RYu CZhang ZJiang LZhao Y(2022)Is your access allowed or not? A Verified Tag-based Access Control Framework for the Multi-domain TEEProceedings of the 13th Asia-Pacific Symposium on Internetware10.1145/3545258.3545281(252-261)Online publication date: 11-Jun-2022
https://dl.acm.org/doi/10.1145/3545258.3545281

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Securing a communication channel for the trusted execution environment

Regulating ARM TrustZone Devices in Restricted Spaces

Light-SPD: a platform to prototype secure mobile applications