Secure Isolation Based On ARM TrustZone Research And Application

With the development of mobile Internet and intelligent terminals, the ability ofintelligent terminal to get and process information improves so greatly that it canprocess data services which used to be processed by PC.It makes mobile terminalscome into contact with sensitive information of consumer’s more and more.Typicalintelligent terminal operating system is open and complex and its security can not beguaranteed. ARM launched TrustZone technology, which provides memory isolationand peripheral protection. GlobalPlatform released a specification about securityisolation, proposed the concept of trusted execution environment.In this thesis, we designed a prototype system based on the TrustZone hardwareisolation technology and GlobalPlatform software architecture,which include trusedoperating system TOS,rich execution environment communication agent, trustedexecution environment communication agent and client API. TOS is one of theimportant components of the trusted execution environment,which provide executionenvironment for trusted application and manages the switchs between rich executionenvironment and trusted execution environment. TOS is a non-independent anddedicated operating system. It’s driven by commands from rich executionenvironment.Application can not be created dynamically.TOS and application share thesame address space.Tos uses non-preemptive scheduling algorithm.Rich executionenvironment communication agent and trusted execution environment communicationagent provide low level communication between two execution environments.ClinetAPIs which encapsulate rich execution environment communication agent providesfriendly interface for client program.Rich execution environment uses Android as itsoperation system.Its communication agent is a Linux driver. The communication agentof the trusted execution environment is a deamon process which runs on TOS.We provide a mobile payment model based on the trusted execution environmentand solved two security problem of mobile payment:secure storage and secureinput/output.Finally we give the program framework of mobile payment.