Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
OnDemand
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us

Arm Hypervisor and Trustzone Alternatives

Nezer Jacob Zaidenberg, Raz Ben Yehuda, Roee Shimon Leon

Source Title: Encyclopedia of Criminal Activities and the Deep Web

DOI: 10.4018/978-1-5225-9715-5.ch079

OnDemand:

(Individual Chapters)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Many scenarios such as DRM, payments, and homeland security require a trusted and verified trusted execution environment (TEE) on ARM. In most cases such TEE should be available in source code mode. The vendor cannot conduct code review and ensure that the operating system is trustworthy unless source code is available. Android and other rich execution environments (REEs) support various TEE implementations. Each TEE implementation has its own unique way of deploying trusted applications and features. Most TEEs in ARM can be started at TrustZone™ or Hyp (Hypervisor) mode. Choosing a proper TEE operating system can be a problem for trusted application developers and hardware vendors. This article discuss the hypervisor vs. TrustZone™ implementation dilemma. Furthermore, the article surveys multiple ARM TrustZone™ TEE solutions and ARM virtualization solutions that are available today with source code. This article allows IoT vendors and SoC manufacturer to select a suitable TEE for their platform needs based on their criteria.

Chapter Preview

Top

Background

Trusted Execution Environment

The ARM architecture allows for co-existence of a Trusted Execution Environment (TEE) and Rich Execution Environment (REE). Trusted Execution Environment is a secure area inside the central processor unit (hereby CPU). The Trusted Execution Environment runs its own operating system. The TEE operating system is a separate operating system that is running in parallel with the REE(main) operating system, in an isolated environment. The Trusted Execution Environment guarantees that the code and data loaded in the TEE are protected concerning confidentiality and integrity.

Rich Execution Environment is another area inside the CPU. The Rich Execution Environment runs a separate operating system. Usually, Google’s Android or Apple’s iOS. The Rich Execution Environment refers to the standard operating system that the device is running. The Rich Execution Environment offers significantly more features and applications and as a result, is vulnerable to attacks. In most cases, the Rich Execution Environment is the environment where most applications are running. The Rich Execution Environment receive services such as decryptions keys from the Trusted Execution Environment.

The Trusted Execution Environment usually act as a monitor for the Rich Execution Environment.

The Trusted Execution Environment has higher permissions and usually have access to read the Rich Execution Environment memory and data structures. The Rich Execution Environment should not have access to the trusted Execution environment memory and data structures. The two worlds, the secured and the normal (not trusted, non-secured) worlds, can switch through the strict supervision of a Secure Monitor running in monitor mode. Switching between the secure and normal world can be done through a special instruction called “secure monitor call” or SMC. Software use SMC to communicate between the secure and normal worlds shared memory is used. TrustZone™ splits the SOC devices to the secure and normal worlds. TrustZone™ control the device hardware interrupts. TrustZone™ can route an interrupt to the secure world or the normal world. Like in the memory case, I/O and interrupts routing may change dynamically. TrustZone™ uses its own MMU. Operating systems and processes that execute in TrustZone™ do not share the same address space with their normal world counterparts. Thus, there is no need to have distinct TrustZone™ for each processor. A single TrustZone™ OS across multiple ARM processors/cores can manage all the device Trusted computing needs. The cryptographic keys are accessible only in TrustZone™. The manufacturer can burn platform-specific keys using fuses. These platform-specific keys are device specific, thus enabling protection in the end unit level.

Booting a Trusted Execution Environment must form a chain of trust in which a trust nexus verifies the next component on the boot chain. Each component verifies the next component until the system. Many vendors proposed.

Key Terms in this Chapter

ARM Virtualization: ARM offered virtualization extensions to ARM7 architecture and virtualization instructions as part of ARM8 architecture.

Board Support Package (BSP): A minimal set of drivers and boot loader to boot the operating system.

L4: A family of microkernel operating systems by Liedtke initially. OKL4 and seL4 are operating systems that were derived from L4.

TrustZone™: An ARM Exception level that allows running TEE in a secure environment in parallel to the normal ARM environment.

ARM Architecture: ARM (previously advanced RISC machine, Acron RISC machine) is a 32 or 64 bit RISC CPU architecture that is by far the most common architecture in use today in mobile devices and IoT. ARM architecture includes TrustZone™ since the 7 th generation of the ARM architecture.

Hypercall: The term is analogous to System call. A call by a user process or the operating system for the hypervisor to perform some service required by the operating system of process.

GlobalPlatform: Is an organization that publishes the standard for secure mobile and embedded platform

Secure World: Secure world is the name for the secure, trusted execution environment (TEE) on ARM Architecture. It is running concurrently, on the same CPU as the normal world. However, ARM provides hardware and software mechanisms to ensure that the normal world and secure worlds are running on separate environments.

Rich Execution Environment (REE): Rich Execution Environment is another area inside the main processor. The Rich Execution Environment runs a separate operating system. Usually, Google’s Android or Apple’s iOS. The Rich Execution Environment refers to the standard operating system that the device is running. The Rich Execution Environment offers significantly more features and applications and as a result, is vulnerable to attacks.

Trusted Execution Environment (TEE): A Trusted Execution Environment (TEE) is a secure area inside the main processor. The trusted execution environment runs a separate operating system in parallel to the main operating system in an isolated environment. The trusted execution environment guarantees the confidentiality and integrity of the code and data loaded in the TEE.

Hypervisor: The hypervisor is the software component that is responsible for running multiple operating systems on the same hardware.

Normal World (Insecure World): The normal operating system that the given platform is running for normal applications. In most cases, this refers to Google’s Android or Apple’s IOS.

Chain of Trust: Group of computer components that starts at a trust nexus. Through a series of operations, each component in the chain adds functionality and verifies the next component. The final component is trusted if all components in the chain complete successful verification and then the nexus can indeed be trusted.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference