A Research On The Hardware-assisted Isolation Technique For TrustZone-based Embedded System

Posted on: 2020-03-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D M Zhang
GTID: 1488305780977669
Subject: Computer software and theory

Abstract/Summary:
As embedded devices continue to evolve in the areas of mobile computing, industrial control, robotics, and the Internet of Things, the way people interact with embedded devices is constantly changing. Nowadays, practical applications such as mobile terminals, industrial control systems, robots and smart cars involve the transmission, calculation and storage of sensitive data. Although many software-based protection mechanisms and methods have been widely used, these traditional software-only mechanisms cannot meet the actual security requirements of today's intelligent, high-performance embedded devices. At present, improper handling of sensitive data by ubiquitous embedded devices brings huge security risks to individuals, industries, and even society as a whole. This problem has therefore attracted a great deal of attention from academia and industry, and some embedded hardware manufacturers are beginning to use ARM TrustZone technology to address the growing security needs of embedded systems and their applications. ARM TrustZone technology is a hardware-based trusted domain security extension architecture with great application prospects. Developers can use the trusted domain it provides to build an isolated environment in which to develop more robust operating systems and more secure applications.

This paper focuses on hardware isolation security technology for embedded platforms in scenarios with high security demands, including the research and construction of a trusted execution environment based on the ARM TrustZone trusted domain, the security isolation of the mandatory access control service, trusted-domain-based Internet of Things security gateway technology, and related technologies such as the reuse of trusted domains in a virtualized environment. The main research contents and innovations of this paper are as follows:

Based on an in-depth summary of existing trusted execution environments, this paper discusses in detail the startup, memory management, parameter transfer and program interface involved in developing a trusted domain based on ARM hardware isolation, and puts forward a trusted execution environment construction method suitable for isolating operating system kernel modules. This trusted execution environment can be used not only to track and monitor applications, but also to protect the integrity of common domain kernels and prevent threats such as malicious intrusions and privilege attacks.

Having constructed the trusted execution environment, this paper proposes a mandatory access control model based on the trusted domain to solve the lack of security protection for key components such as the monitoring server and security policy under the traditional FLASK access control model architecture.

In view of the insufficient security access control of edge devices and the vulnerability of intelligent gateways in existing IoT applications, this paper proposes a smart gateway authentication and authorization mechanism based on trusted domains.

As the computing power of embedded devices has increased significantly, virtualization technology has been introduced to the embedded platform to make full use of that computing power. Based on virtualization technology, this paper proposes a virtual trusted domain architecture, which solves the problem of how to securely and efficiently reuse trusted domains in a virtualized environment.

Keywords/Search Tags:Embedded, TrustZone, Hardware-assisted Isolation