Research Of Multi-tasking And Multi-user Security Basted On TrustZone

With the coming of the 5G Era,the rapid development of the IoT(Internet of Things)and the enhancement of people's awareness of security and privacy protection,the security and privacy protection is becoming more and more important.In recent years,the near end cloud computing mode such as fog computing and edge computing has been developing rapidly based on cloud computing.This effectively solves the shortage of mobile terminals in computing,storage,network,battery and other resources.So it overcomes the network delays for high latency applications,improves the performance of mobile applications and improves user experience.However,because of the rapid development of the IoT,the open source of system software such as Android and the overflow of application permissions,these mobile systems have potential security problems.And these divulging privacies are directly related to people's personal privacy.For example,the bank account and password at the time of mobile payment;the location information of the map navigation;the eating habits of the booking for the takeout;the consumption habits of the Internet shopping;the health information of the online diagnosis and so on relate to all aspects of our living life.From the whole ecosystem,we need to carry out safety protection research in all aspects of information flow.From end to end,from end to cloud,from cloud to end,it involves mobile devices,routers,switches,servers and other modules.We need to ensure privacy protection on the entire system,as well as security and privacy protection on a device.In this paper,we study the security of embedded devices,namely the security and privacy protection of mobile devices,and ensure the security of mobile devices which are closest to the users.And the security idea and framework proposed in this study can also be extended to other platform which implements the same hardware logic.A device can be divided into calculation module,storage module and network module from function aspect.Similarly,Security research can also be divided into safety calculation,secure storage and security network.The protection of user privacy is to ensure the integrity of being usurped,to prevent the hacker to modify the user's data,and to ensure the sathe user's data,to ensure that the user data is not illegally destroyed,to prevent the data from fe access of the users,so that the illegal users are not allowed to access.The technologies that can realize user security and privacy data protection include authentication,access control,privacy protection,and so on.In the field of embedded system security,a lot of research and implementation are to add external security hardware modules to the device or to integrate the internal security modules on SOC or to use software virtualization to run a highly trusted application in the privileged mode which named monitor.However,the problem of these solutions is to protect only the key resources in the system,or to ignore most of the attack problems.For example,the encryption module is designed to protect the key,but if the attacker is in outside of the encrypted module,when the data is loaded to the memory,the decryption can be stolen many times.Such protection will be meaningless.The adoption of cloud computing virtualization technology requires a monitor which needs a lot of wasteful computing resource.In order to improve the security of the existing embedded systems and ensure the security of user data,we put forward a multitask and multiuser security implementation scheme based on TrustZone technology.The main contributions of this thesis include:1.Based on TrustZone technology,a security architecture called OPTZ is proposed.The TrustZone technology of ARM can enhance the security of application by realizing the isolation of physical memory without additional internal or external hardware chips.We designed a trusted execution environment TEE and implemented two virtual worlds on the platform-the normal world and the secure world.The normal world is responsible for running normal tasks,and the secure world is responsible for running the high security applications.The physical isolation between the normal world and the secure world is realized.2.We have achieved secure isolation of multitask and multiuser.Under the security framework of OPTZ,multitask and multiuser physical isolation is realized.For the tasks running in the system,it is divided into normal task NA and secure task.And the secure task is divided into two parts:CA running in the normal world and TA running in the secure world.CA and TA are also isolated from each other.For multiuser security,we proposed several multiuser physical isolation solutions based on TrustZone technology.Through a more secure and reliable authentication mechanism and the access control protection mechanism,multiuser physical isolation become true.