Research On Trusted Execution Environment Construction And Security Defense Techniques For Embedded Devices

Posted on: 2018-02-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R Chang
GTID: 1318330563951155
Subject: Computer Science and Technology
Abstract/Summary:
With the accelerated development of the Internet of Things, the rapid emergence of new information applications using smart devices (e.g., Industry 4.0, BYOD (Bring Your Own Device), and the Internet of Vehicles), and the continuing growth of embedded devices and applications, traditional security defenses have become inefficient. The security of embedded devices, which concerns the interests of businesses and industries, is of strategic importance. The system security of embedded devices with more powerful processing performance and storage space is receiving increasing attention in the area of cyberspace security. The construction of a Trusted Execution Environment (TEE) and system security defense technology are hot topics in industry and academia. This dissertation focuses on system security and defense technologies for ARM-based embedded devices, including the construction of a TEE, memory integrity protection, access control, and program behavior monitoring in a TEE. The major work and innovations of the dissertation are as follows:

1. To address the inefficiency of software-only approaches and the inflexibility of hardware-based approaches, a new TEE construction method is proposed in which hardware isolation is combined with a monitor program. The method can defend against malicious attacks that modify kernel code, data, and control flow to destroy the integrity of the kernel, or that use known or unknown vulnerabilities of the untrusted kernel to overstep their authority. Based on the method, a secure boot scheme is designed and the switch between the two worlds in a TEE is implemented. A TrustEnclave is built in the address space of the OS kernel, which cannot be tampered with by the untrusted OS kernel itself. The proposed scheme is implemented on real TrustZone-enabled hardware devices, and the evaluation, based on Open Virtualization, covers benchmarks, encryption operations, and overhead. The experimental results demonstrate that the proposed security scheme is effective and feasible, and the overhead is less than 16%.

2. To address the high abstraction level and lack of practical utility of formal verification methods, a hardware-assisted memory isolation protection method is proposed, a memory isolation protection architecture based on the B model is designed, and a secure memory management system in a TEE is implemented. The method can defend against security threats such as kernel data attacks, code reuse attacks, and direct memory access attacks. The abstract representation of memory security threats is described as a Threat Tree Model (TTM). Rules for extracting the memory protection status are constructed. Moreover, the specifications and refinements using the B method are provided, including the initialization specification, reasoning and analysis, and refinement. On this basis, virtual memory division, Memory Management Unit (MMU) switching, dynamic cache updating, and a secure memory management system are implemented. Integrity protection strategies for executable files, run-time code, and control flows are presented. The experimental results show that the proposed method is effective and feasible, and provides stronger security and lower overhead than traditional approaches.

3. To address the high deployment overhead and maintenance costs caused by the kernel and system architecture layers, and to prevent permission-based security threats, a multi-layered access control policy based on security domains is proposed. First, a secure isolated area is partitioned off using TrustZone hardware isolation technology and a sandbox mechanism. Then, UCONABC is designed, and its formal definition and rule descriptions are presented. On this basis, a multi-layered security model based on secure domains is designed. An effective Multi-layered Android Security Extension (MASE) that prevents permission leakage is designed and implemented based on the multi-layered security model; it comprises access control on hardware, a secure isolated domain based on a sandbox, access control at the system level, and the execution process of secure modules. The evaluation results demonstrate that the proposed policy is effective in mitigating permission leakage vulnerabilities (e.g., root attacks, privilege modification attacks, illegal data scheduling attacks, and security policy modification attacks), and the overhead is less than 4%.

4. To address the problem that, with a traditional classifier in a TEE, massive numbers of invalid instructions and control structures cannot provide sufficient run-time characteristics, a novel behavior-monitoring method based on the analysis of syscall sequences is proposed. The method is capable of defending against security threats posed by normal-world applications in a TEE. First, a method of APK-based automated traversal is implemented, including extracting UI elements, positioning controls, simulating user behaviors, and traversing depth-first. Then a method of extracting system call sequences is proposed and an SVM classifier is designed. Frequency and dependence degree are selected as features, forming the feature vectors that are input to the Support Vector Machine (SVM) classifier to decide whether an application may enter the secure world. Finally, an automated program behavior monitoring platform is implemented. The experimental results demonstrate that the proposed method is effective and feasible, with high accuracy.
Keywords/Search Tags: Trusted Execution Environment, TrustZone, isolated execution, access control, memory protection