
Research On Security Enhancement Mechanism Of Mandatory Access Control Based On TrustZone

Posted on: 2023-06-27
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Li
GTID: 2558307169978559
Subject: Engineering
Abstract/Summary:
Mandatory access control (MAC) is one of the most important security mechanisms in Linux and has long been used to restrict and manage access to kernel resources. However, the MAC module runs at the same privilege level and in the same code space as the kernel, so a kernel-space vulnerability can compromise it and strip it of its ability to protect the kernel. The ARM TrustZone trusted execution environment isolates the secure world from the normal-world kernel by hardware mechanisms and can therefore provide security protection for MAC. This thesis studies how a TrustZone-based trusted execution environment can harden the key functions of MAC and proposes two security-enhanced system architectures for MAC (TrustZone-based Mandatory Access Control, TZ-MAC): a decision-isolation-oriented security-enhanced architecture and an integrity-protection-oriented security-enhanced architecture. For the integrity-protection architecture, a prototype of a TrustZone-based security-enhanced access control mechanism is designed and implemented on the mainstream security module AppArmor, and functional and performance experiments verify the correctness and availability of that architecture. Under the decision-isolation architecture, every call to a hook function of the TZ-MAC security module forces a switch between the normal world and the secure world of ARM TrustZone, so the specific design of the TZ-MAC security module can greatly affect system performance. This thesis therefore studies the performance overhead that introducing TrustZone causes under the decision-isolation mechanism and proposes a performance prediction method to guide security mechanism developers towards a balanced design that takes both security and performance into account.

In summary, the main contributions of this thesis are as follows:

(1) A cross-domain memory access method that establishes a cross-world mapping is proposed and implemented. Based on the AppArmor security module, runtime integrity detection of the security configuration is realized on top of this cross-world-mapping access method. Under the integrity-protection-oriented architecture, the secure world maps the physical addresses of normal-world data into its own address space and can then read the data to be measured in the normal world directly. This cross-domain access method ensures the authenticity of the data obtained by the secure world and saves the extra overhead that memory copying would cause. On the basis of AppArmor, a prototype of the integrity-protection-oriented security-enhanced architecture is implemented, and the effectiveness of the cross-domain memory access method is verified.

(2) An agile prediction method for obtaining performance results under the decision-isolation protection architecture is proposed and validated. In this architecture, each invocation of a hook function in the security module makes the system switch between the normal world and the secure world of TrustZone, which affects system performance. We model the performance in terms of the LSM framework's hook calls and analyze the two major factors that determine the performance overhead. On this basis, an agile performance prediction method is proposed that predicts the overhead caused by the world switches triggered by the hook functions the security module implements under the decision-isolation architecture. The prediction method is highly reusable and simplifies obtaining performance results. Finally, we test the prediction method experimentally, and the resulting performance results can guide the balanced design of performance and security in security modules.
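The integrity-protection path of contribution (1), as an added illustration that is not the thesis's code and does not use AppArmor's real data structures: a bytearray stands in for normal-world kernel memory holding the loaded policy, a memoryview over it stands in for the secure world's cross-world physical mapping (the measurement reads live data through the mapping rather than a copy), SHA-256 is assumed as the measurement function (the thesis does not name one), and the profile record layout, the SecureWorldMeasurer class and the tamper_set_mode helper are all constructed for the example. The tampering step models a kernel-space attacker flipping a profile from enforce to complain behind the in-kernel MAC module's back.

```python
import hashlib
import struct

# Constructed toy layout standing in for an in-kernel profile table
# (NOT AppArmor's real data structures): per record a 16-byte name,
# a 1-byte mode (0 = enforce, 1 = complain) and a 1-byte flags field.
PROFILE_REC = struct.Struct("<16sBB")
MODE_ENFORCE, MODE_COMPLAIN = 0, 1


def build_profile_table(profiles):
    """Pack (name, mode, flags) tuples into a bytearray that plays the role
    of normal-world kernel memory holding the loaded MAC policy."""
    buf = bytearray()
    for name, mode, flags in profiles:
        buf += PROFILE_REC.pack(name.encode().ljust(16, b"\0"), mode, flags)
    return buf


class SecureWorldMeasurer:
    """Stands in for the secure-world measurement component (hypothetical).

    The cross-world mapping is modelled as a memoryview over the
    normal-world region: every measurement reads the live data through
    the mapping instead of working on a copy, and the reference value is
    recorded once when the policy is loaded.
    """

    def __init__(self, normal_world_region):
        self.view = memoryview(normal_world_region)   # mapping, not a copy
        self.golden = self.measure()                   # trusted baseline

    def measure(self):
        # hashlib accepts any buffer-protocol object, so the view is hashed
        # directly without materialising a bytes copy.
        return hashlib.sha256(self.view).hexdigest()

    def check(self):
        """Re-measure the mapped region; return (intact, current_hash)."""
        current = self.measure()
        return current == self.golden, current


def tamper_set_mode(region, index, new_mode):
    """Simulate a kernel-space attacker patching a profile's mode in place
    (e.g. enforce -> complain) without going through the policy interface,
    the kind of change an in-kernel MAC module cannot defend against on
    its own because the attacker shares its privilege level."""
    offset = index * PROFILE_REC.size + 16   # skip the 16-byte name
    region[offset] = new_mode


def demo():
    """Load a policy, take the baseline, tamper, and re-check.
    Returns (intact_before_tamper, intact_after_tamper)."""
    region = build_profile_table([
        ("/usr/sbin/nginx", MODE_ENFORCE, 0),   # constructed sample profiles
        ("/usr/bin/ping", MODE_ENFORCE, 0),
    ])
    measurer = SecureWorldMeasurer(region)
    before, _ = measurer.check()
    tamper_set_mode(region, 0, MODE_COMPLAIN)
    after, _ = measurer.check()
    return before, after


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The point the mapping makes is visible in `measure()`: the secure world never needs the normal world to hand it a copy of the policy (which a compromised kernel could fake), it reads the same bytes the kernel is enforcing from, so the measurement reflects whatever is actually in memory at check time.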
Keywords/Search Tags: Mandatory Access Control, TrustZone, OS Security, AppArmor