
Enhanced Security Processor Architecture Based On ARM TrustZone

Posted on: 2018-07-29
Degree: Master
Type: Thesis
Country: China
Candidate: S M Li
GTID: 2428330569998646
Subject: Computer technology

Abstract/Summary:
In recent years, with the continuous development of computer technology and the popularization of computer equipment, people use computers for communication, shopping, online transactions and other activities more easily than before. However, today's computer systems are not secure, and they are exposed to malicious attacks from all directions. Once information leaks, it causes huge economic losses to computer-related businesses and their users. As a result, computer security is receiving more and more attention from the community.

The Central Processing Unit (CPU) is a core component of a computer system. If the security of the processor can be enhanced, the security of the whole computer system will be greatly improved. To enhance CPU security, this paper first analyzes ARM's TrustZone architecture. The analysis shows clear deficiencies in storage encryption and secure-zone isolation, an overly coarse security-identification granularity, and a lack of application-level isolation. For these issues, this paper puts forward corresponding security enhancement measures to improve processor security.

The main work and contributions of this paper are:

1. We designed and implemented a module for memory address space allocation and security identification. To address the overly coarse granularity of bus-transaction security in the TrustZone architecture, this module divides the memory address space more finely into regions that carry one of two security attributes, secure or non-secure, which refines the granularity of security identification in the system.

2. We designed a storage encryption module. When data needs to flow out of the CPU, it must be encrypted to ensure its security. The TrustZone architecture does not define data security for memory interfaces, so the storage encryption module designed in this paper improves the security of TrustZone memory data.

3. Finally, we built an application-level isolation encryption system. Applications in a TrustZone system are classified directly as either secure-domain or non-secure-domain applications. There is no means of isolation between applications of the same class, which poses a security risk to the computer system. This paper presents a technique for isolating applications and builds an application isolation system that uses the previously designed modules to encrypt each application with a different key, thereby isolating applications from one another.
Keywords/Search Tags:TrustZone, Security Processor, Address Space Control, Storage Encryption, Application-Level Isolation