| With the rapid development of science and technology,the Internet has invaded all aspects of society,and network security has received widespread attention from the entire society.Security incidents of major companies continue to emerge,and incidents such as "black screen" and "prism door",as well as all parts of the world,are constantly being attacked by hackers.Facing the current situation,it is increasingly urgent to study the security issues in the new situation.At this stage,there are more and more attacks on ARM-based devices,and it is difficult to prevent them.This article focuses on the study of the combination of Trust Zone technology and trusted computing dual-architecture technology under the ARM-based simulation environment to construct an application protection scheme from hardware to software.For this purpose,the following research work has been launched.First of all,on the basis of Trust Zone technology,combined with Global Platform(GP)trusted execution environment standards,two execution environments are isolated from the hardware level: trusted execution environment and rich execution environment,and guarantees the credibility of the TEE environment as the basis of the experimental environment.This article extends this chain of trust and extends the credibility of the TEE environment to the REE.Before the application is started,the experimental system first measures the summary value of the program binary file,and if it meets expectations,it is started.In this way,the security before the application in REE is started is guaranteed.Secondly,in order to deal with the security of application running time in REE,this paper integrates the dual-system architecture of trusted computing and constructs five modules,namely control module,measurement module,judgment module,communication module and trusted reference library.The trusted benchmark library is the area where the program summary values are stored and is the basis of credibility.Therefore,in order to ensure the security of the trusted benchmark library,this paper is based on the Trust Zone technology to implement the secure storage function of the trusted benchmark library.From the hardware level to the software level,layers to ensure the security of trusted benchmark database data.When the measured program is started,from the process of the program to the kernel module called by the program,these five modules jointly ensure the safety of the measured application.Finally,we will build a virtual simulation environment based on QEMU to implement and analyze the prototype system described in this white paper.Attack the target program with a self-encoding SMC attack method.The results show that the system can accurately detect attacks against applications and implement defense strategies.System efficiency,real-time,and security show that the experimental system can provide reliable security protection without significantly affecting the operational efficiency of the measured application. |
PDF Full Text Request