
Research On Linux Security Module Isolation Based On TrustZone

Posted on: 2018-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: C X Yue
GTID: 2348330512997190
Subject: Computer technology
Abstract/Summary:
Protecting the Linux security module is the primary goal in protecting the kernel. Failure of a security module leaves the entire kernel in a non-secure state, and the security of other modules becomes harder to guarantee once the security module itself is unsafe. SELinux is an essential kernel security module for Linux distributions; it has been part of the kernel since version 2.6 rather than being shipped as a patch. Because Linux is a monolithic kernel, SELinux shares its address space with other modules. This leads to a serious problem: unreliable modules can tamper with the configuration file loading process and undermine the integrity of the access control service.

Existing protection schemes for kernel modules are mainly based on virtualization technology, but virtualization is not practical enough on mobile platforms. This paper therefore proposes an isolation method for the Linux security module based on ARM TrustZone technology. ARM TrustZone is a system-wide security approach that addresses the security requirements of high-performance computing platforms; because it is tightly integrated with the hardware, it can protect secure memory, code, and peripherals.

The core idea of this paper is to run the SELinux security module in a Trusted Execution Environment (TEE) built on TrustZone. Access control decision requests issued by the kernel are carried out as function calls through a secure communication mechanism that conforms to the TEE specification. Using TrustZone and a TEE makes SELinux's data and services more secure. The main analysis and contributions behind this solution are:

1) By analyzing the initialization process and service flow of SELinux, this paper summarizes the relationship between SELinux and the LSM hooks and the relationships among the SELinux components. It also identifies the key split points for separating the security server from the SELinux framework.

2) Based on the TEE specification and the source code of OP-TEE, we designed and implemented a TEE Client API for kernel modules and modified the driver that those APIs use. The driver and the kernel client APIs provide services such as establishing a session with a specific trusted application and invoking commands, which together form the communication mechanism between the security server and the other components.

3) Based on the ARM TrustZone software architecture, we propose a scheme for protecting the Linux security module. Unlike the virtualization approach, this solution makes better use of hardware isolation. It protects the policy file via trusted boot and ensures the integrity of the SELinux service by running it in the trusted environment.

This paper describes the design and implementation of the isolation method in detail and demonstrates the feasibility of the scheme through experiments.
Keywords/Search Tags:LSM, TEE, TrustZone, SELinux