trustice hardware0assisted isolated computing
play

TrustICE:*Hardware0assisted* Isolated*Computing*Environments* - PowerPoint PPT Presentation

Jan 26, 2024 •375 likes •723 views

TrustICE:*Hardware0assisted* Isolated*Computing*Environments* on*Mobile*Devices Presented(by(Zhenyu Ning 1 Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 2 Contents 1.(Introduction 2.(Motivation

  1. TrustICE:*Hardware0assisted* Isolated*Computing*Environments* on*Mobile*Devices Presented(by(Zhenyu Ning 1

  2. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 2

  3. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 3

  4. ICE • Isolated(Computing(Environments. • To(protect(critical(codes(or(perform(some(analysis. • Virtualization,(emulation(or(hardwareHassisted(isolation. 4

  5. TrustZone • Hardware(security(extension(in(ARM(processors. • Available(in(most(nowadays(Android(mobile(devices. • Provide(CPU(state(isolation,(memory(isolation(and(I/O(device( isolation. 5

  6. TrustZone 6

  7. CPU*state*isolation • Normal(state(and(secure(state(identified(by(NS(bit(in(SCR. • Traditional(CPU(modes(in(each(state. • A(monitor(mode(as(a(gatekeeper(managing(state(switching. • SMC(instruction(to(enter(monitor(mode. 7

  8. Memory*isolation • Different(memory(translation(map(in(the(two(states. • TZASC(partition(the(memory(into(secure(region(and(nonHsecure( region. • Watermark(regions(in(i.MX53(QSB.(( ! Two(Watermark(regions. ! Continuous(memory(region(not(exceed(256MB(for(each( Watermark(region. 8

  9. I/O*device*isolation • Hardware'interrupt'isolation ! TrustZone(Interrupt(Controller(TZIC) ! IRQ(and(FIQ • DMA'isolation ! Direct(Memory(Access(Controller(DMAC) 9

  10. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 10

  11. Motivation • Software5based'hypervisor'and'emulator • Easy(to(compromise • Hardware5based'hypervisor • Large(Trust(Computing(Base(TCB) • Trusted'application'based'on'TrustZone • Increasing(TCB • Tough(OEMs 11

  12. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 12

  13. Architecture 13

  14. Architecture • TDC codes,(ICE(codes(and(secure(codes. • Dynamically(load(secure(code(to(ICE. • Secure(switching(between(Rich(OS(and(ICEs. • Isolation(between(Rich(OS(and(ICEs. 14

  15. Implementation How(to(protect(ICE(image? 15

  16. Dynamic*Watermark*region 16

  17. Dynamic*Watermark*region 17

  18. Dynamic*Watermark*region 18

  19. Implementation How(to(protect(ICE(when( running? 19

  20. System*State*Switching 20

  21. Implementation • ICE(code(is(running(in(nonHsecure(Supervisor(mode(and(secure( code(runs(in(nonHsecure(user(mode. • ICE(code(provides(secure(system(calls. • Both(the(head(and(the(tail(of(secure(code(should(be(SMC( system(call. • Secure(code(can(not(rely(on(Rich(OS. 21

  22. Secure*Isolation • CPU'isolation • Save(all(CPU(state(information(before(enter(ICE. • Clean(up(foot(print(and(recover(the(CPU(state(information(before( enter(Rich(OS. • Memory'isolation • Dynamically(change(Watermark(region. • I/O'device'isolation • Enable(a(minimal(set(of(required(interrupts(and(disable(all(the( other(interrupts. 22

  23. Trusted*Path • Verify(secure(bootloader image(using(RSA(public(key(stored(in( eFuse. • Secure(bootloader is(responsible(for(ensuring(the(secure(load(of(the( ICEs. • Use(some(signal(that(only(be(controlled(by(TDC(to(indicate(a( successful(switching. 23

  24. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 24

  25. Switching*time 25

  26. Switching*time 26

  27. Execution*time 27

  28. Other*evaluation 28

  29. More*than*two*ICEs • Additional(time(to(copy(the(ICE(into(ICE(runtime(environment. • 2.85ms(for(the(encryption(ICE(and(68.44ms(for(the(interface(ICE . • Maybe(hardware(platform(can(provide(a(flexible(Watermark( solution. 29

  30. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 30

  31. Conclusion • TrustICE:(HardwareHassisted(Isolated(Computing(Environments( on(Mobile(Devices. • Security • Flexibility • Small(TCB(and(low(overhead. • TDC(and(ICE(are(relative(small. • Low(performance(overhead(while(amount(of(ICE(is(below(2. 31

  32. Reference • H.(Sun,(K.(Sun,(Y.(Wang,(J.(Jing,(and(H.(Wang,(“TrustICE:(HardwareH assisted(Isolated(CompuMng Environments(on(Mobile(Devices,”(in( Proceedings(of(the(45th(Annual(IEEE/IFIP(InternaMonal Conference(on( Dependable(Systems(and(Networks((DSN’15),(June(22H25,(2015.( 32

  33. Thank(you! 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web

zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web

zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web Computing: Connected, Scalable but Overwhelming With no simple approach to creating small cloud programs... many cloud ideas simply dont get

68 views • 6 slides
A Homotopy Method for Computing All Isolated Solvents of the Quadratic Matrix Equation AX 2 + BX +

A Homotopy Method for Computing All Isolated Solvents of the Quadratic Matrix Equation AX 2 + BX +

Introduction Homotopy method for quadratic matrix equation More results for special problems Numerical results and conclusion A Homotopy Method for Computing All Isolated Solvents of the Quadratic Matrix Equation AX 2 + BX + C = 0 Yongwen Hou

683 views • 44 slides
EMISSIONS OF GREENHOUSE GASES FROM THE ISOLATED WETLANDS OF OB-TOM INTERFLUVE AREA Egor

EMISSIONS OF GREENHOUSE GASES FROM THE ISOLATED WETLANDS OF OB-TOM INTERFLUVE AREA Egor

EMISSIONS OF GREENHOUSE GASES FROM THE ISOLATED WETLANDS OF OB-TOM INTERFLUVE AREA Egor A. Dyukarev Evgenia A. Golovatskaya Elena E. Veretennikova Isolated wetlands n An isolated wetland does not have a formal definition, but rather

467 views • 19 slides
Brownian motion with variable drift can have drift can have isolated zeros isolated zeros

Brownian motion with variable drift can have drift can have isolated zeros isolated zeros

Brownian motion with variable Brownian motion with variable drift can have drift can have isolated zeros isolated zeros Julia Ruscher Introduction Julia Ruscher Isolated zeros Technical University of Berlin Hausdorff dimension

1.01k views • 73 slides
State of the Art and Future Trends in Grid Codes Applicable to Isolated Electrical Systems J.

State of the Art and Future Trends in Grid Codes Applicable to Isolated Electrical Systems J.

State of the Art and Future Trends in Grid Codes Applicable to Isolated Electrical Systems J. Merino C. Veganzones Technical University of Madrid o Introduction o Characterization Of Voltage And Frequency Disturbances In Isolated Power

357 views • 16 slides
lecture 20 Input / Output (I/O) 2 - isolated vs. memory mapped I/O - program controlled

lecture 20 Input / Output (I/O) 2 - isolated vs. memory mapped I/O - program controlled

lecture 20 Input / Output (I/O) 2 - isolated vs. memory mapped I/O - program controlled I/O: polling - direct memory access (DMA) Wed. March 23, 2016 Isolated I/O In MARS simulator of MIPS, we uses syscall for I/O e.g.

831 views • 32 slides
Universality in the equilibration of Universality in the equilibration of isolated systems after

Universality in the equilibration of Universality in the equilibration of isolated systems after

Universality in the equilibration of Universality in the equilibration of isolated systems after a small quench isolated systems after a small quench Lorenzo Campos Venuti University of Southern California, Los Angeles Paolo Zanardi (USC)

222 views • 18 slides
Entanglement and thermodynamics in non-equilibrium isolated quantum systems Pasquale Calabrese

Entanglement and thermodynamics in non-equilibrium isolated quantum systems Pasquale Calabrese

Entanglement and thermodynamics in non-equilibrium isolated quantum systems Pasquale Calabrese SISSA-Trieste Rome, Feb 16th 2018 Joint work with Vincenzo Alba PNAS 114 , 7947 (2017) & more Isolated systems out of equilibrium Quantum

450 views • 30 slides
Computing the Multiplicity Structure from Geometric Involutive Form Xiaoli Wu and Lihong Zhi Key

Computing the Multiplicity Structure from Geometric Involutive Form Xiaoli Wu and Lihong Zhi Key

Computing the Multiplicity Structure from Geometric Involutive Form Xiaoli Wu and Lihong Zhi Key Laboratory of Mathematics Mechanization Chinese Academy of Sciences Outline Compute an isolated primary component Bates etc.06, Corless

838 views • 58 slides
LICENSING OF SEISMICALLY ISOLATED NPPS IN THE USA

LICENSING OF SEISMICALLY ISOLATED NPPS IN THE USA

LICENSING OF SEISMICALLY ISOLATED NPPS IN THE USA Regulatory challenges and guidance Annie Kammerer & Andrew WhiHaker SMiRT Special Session on

709 views • 36 slides
Quantum Quantum Architectures Architectures June 1, 2005 June 1, 2005 Computing? Computing?

Quantum Quantum Architectures Architectures June 1, 2005 June 1, 2005 Computing? Computing?

Quantum Quantum Architectures Architectures June 1, 2005 June 1, 2005 Computing? Computing? e of computing devices that exhibit quantu e of computing devices that exhibit quantu chanical behavior chanical behavior ehavior of isolated

532 views • 28 slides
Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire

Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire

Signal machines : localization of isolated accumulation Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire dInformatique Fondamentale dOrlans, Universit dOrlans, Orlans, FRANCE 6 mars 2011

553 views • 39 slides
CSC 6991: Using Hardware Isolated Execu;on Environments for

CSC 6991: Using Hardware Isolated Execu;on Environments for

CSC 6991: Using Hardware Isolated Execu;on Environments for Securing Systems Fengwei Zhang Wayne State University CSC 6991 Advanced Computer Security 1

302 views • 19 slides
The Potential Immunomodulatory Effect of L. rhamnosus TW2 & L. plantarum TW14 Isolated from

The Potential Immunomodulatory Effect of L. rhamnosus TW2 & L. plantarum TW14 Isolated from

Nurheni Sri Palupi 1,2 , Triana Setyawardani 3 , Winiati P Rahayu 1,2 The Potential Immunomodulatory Effect of L. rhamnosus TW2 & L. plantarum TW14 Isolated from Local Goat Milk and Their Incorporation in Cheese 1) Department of Food Science

1.04k views • 15 slides
Probiotic and technological characteristics of microorganisms isolated from a natural ecosystem,

Probiotic and technological characteristics of microorganisms isolated from a natural ecosystem,

Probiotic and technological characteristics of microorganisms isolated from a natural ecosystem, the Kefir grain. - CIDCA UNL P - Ctedra de Microbiologa General, Facultad de Ciencias Exactas, UNLP Graciela L. De Antoni - CIC-PBA -

613 views • 20 slides
Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8) , zfs(8) and nfsd(8)

Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8) , zfs(8) and nfsd(8)

Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8) , zfs(8) and nfsd(8) editor@callfortesting.org @MichaelDexter BSDCan 2018 Jails and bhyve FreeBSDs had Isolation since 2000 and Virtualization since 2014 Why

1.13k views • 76 slides
DSLab 2020 The Data Science Lab Data Science Lab Spring 2020 Introducing the team Guillaume

DSLab 2020 The Data Science Lab Data Science Lab Spring 2020 Introducing the team Guillaume

DSLab 2020 The Data Science Lab Data Science Lab Spring 2020 Introducing the team Guillaume Tao Sun Eric Bouillet Obozinski Assistant Most modules Modules 1 & 5 Weeks 4, 12-13 Sofiane Sarni Christine Choirat Module 4 Module 1

542 views • 33 slides
Searching for Sterile Neutrinos with an Isotope -decay Source: The IsoDAR Experiment Mike

Searching for Sterile Neutrinos with an Isotope -decay Source: The IsoDAR Experiment Mike

1 Searching for Sterile Neutrinos with an Isotope -decay Source: The IsoDAR Experiment Mike Shaevitz Shaevitz - Columbia University - Columbia University Mike Aspen Winter Workshop--New Directions in Neutrino Physics February 8,

399 views • 25 slides
Osprey Noah Sape Evans Wednesday, October 13, 2010 The world is changing Wednesday,

Osprey Noah Sape Evans Wednesday, October 13, 2010 The world is changing Wednesday,

Osprey Noah Sape Evans Wednesday, October 13, 2010 The world is changing Wednesday, October 13, 2010 original Plan9 Timesharing from commodity small statically administered low bandwidth terminals closely coupled file

436 views • 26 slides
Message Scheduling in Time Triggered Protocols l Zden k Hanzlek Thanks to: P. cha,

Message Scheduling in Time Triggered Protocols l Zden k Hanzlek Thanks to: P. cha,

Message Scheduling in Time Triggered Protocols l Zden k Hanzlek Thanks to: P. cha, P. Jur k, P. Burget Czech Technical University in Prague Czech Technical University in Prague Contents Contents 1 P 1. Project Scheduling

747 views • 50 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
What should the solution look like? Sub-channels ISOLATION ZONE REUSE ZONE USED BY OTHER

What should the solution look like? Sub-channels ISOLATION ZONE REUSE ZONE USED BY OTHER

FERMI : A Femtocell Resource Management System for Interference Mitigation in OFDMA Femtocell Networks Mustafa Y. Arslan Jongwon Yoon Karthikeyan Sundaresan UC Riverside U Wisconsin Madison

668 views • 47 slides
Loneliness, Social Isolation & Community Change Al Condeluci, PhD All People Want To

Loneliness, Social Isolation & Community Change Al Condeluci, PhD All People Want To

Loneliness, Social Isolation & Community Change Al Condeluci, PhD All People Want To stay active in the community, be social To be productive, contribute and participate To be treated with dignity and respect To stay in

822 views • 39 slides
Resource Management for Isolation Enhanced Cloud Services Enhanced Cloud Services Himanshu Raj ,

Resource Management for Isolation Enhanced Cloud Services Enhanced Cloud Services Himanshu Raj ,

Resource Management for Isolation Enhanced Cloud Services Enhanced Cloud Services Himanshu Raj , Ripal Nathuji, Abhishek Singh, Paul England XCG, Microsoft Research Motivation Isolation issues in shared-resource computing infrastructures

408 views • 13 slides

More recommend