trustice hardware0assisted isolated computing
play

TrustICE:*Hardware0assisted* Isolated*Computing*Environments* - PowerPoint PPT Presentation

Jan 26, 2024 •375 likes •723 views

TrustICE:*Hardware0assisted* Isolated*Computing*Environments* on*Mobile*Devices Presented(by(Zhenyu Ning 1 Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 2 Contents 1.(Introduction 2.(Motivation

  1. TrustICE:*Hardware0assisted* Isolated*Computing*Environments* on*Mobile*Devices Presented(by(Zhenyu Ning 1

  2. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 2

  3. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 3

  4. ICE • Isolated(Computing(Environments. • To(protect(critical(codes(or(perform(some(analysis. • Virtualization,(emulation(or(hardwareHassisted(isolation. 4

  5. TrustZone • Hardware(security(extension(in(ARM(processors. • Available(in(most(nowadays(Android(mobile(devices. • Provide(CPU(state(isolation,(memory(isolation(and(I/O(device( isolation. 5

  6. TrustZone 6

  7. CPU*state*isolation • Normal(state(and(secure(state(identified(by(NS(bit(in(SCR. • Traditional(CPU(modes(in(each(state. • A(monitor(mode(as(a(gatekeeper(managing(state(switching. • SMC(instruction(to(enter(monitor(mode. 7

  8. Memory*isolation • Different(memory(translation(map(in(the(two(states. • TZASC(partition(the(memory(into(secure(region(and(nonHsecure( region. • Watermark(regions(in(i.MX53(QSB.(( ! Two(Watermark(regions. ! Continuous(memory(region(not(exceed(256MB(for(each( Watermark(region. 8

  9. I/O*device*isolation • Hardware'interrupt'isolation ! TrustZone(Interrupt(Controller(TZIC) ! IRQ(and(FIQ • DMA'isolation ! Direct(Memory(Access(Controller(DMAC) 9

  10. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 10

  11. Motivation • Software5based'hypervisor'and'emulator • Easy(to(compromise • Hardware5based'hypervisor • Large(Trust(Computing(Base(TCB) • Trusted'application'based'on'TrustZone • Increasing(TCB • Tough(OEMs 11

  12. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 12

  13. Architecture 13

  14. Architecture • TDC codes,(ICE(codes(and(secure(codes. • Dynamically(load(secure(code(to(ICE. • Secure(switching(between(Rich(OS(and(ICEs. • Isolation(between(Rich(OS(and(ICEs. 14

  15. Implementation How(to(protect(ICE(image? 15

  16. Dynamic*Watermark*region 16

  17. Dynamic*Watermark*region 17

  18. Dynamic*Watermark*region 18

  19. Implementation How(to(protect(ICE(when( running? 19

  20. System*State*Switching 20

  21. Implementation • ICE(code(is(running(in(nonHsecure(Supervisor(mode(and(secure( code(runs(in(nonHsecure(user(mode. • ICE(code(provides(secure(system(calls. • Both(the(head(and(the(tail(of(secure(code(should(be(SMC( system(call. • Secure(code(can(not(rely(on(Rich(OS. 21

  22. Secure*Isolation • CPU'isolation • Save(all(CPU(state(information(before(enter(ICE. • Clean(up(foot(print(and(recover(the(CPU(state(information(before( enter(Rich(OS. • Memory'isolation • Dynamically(change(Watermark(region. • I/O'device'isolation • Enable(a(minimal(set(of(required(interrupts(and(disable(all(the( other(interrupts. 22

  23. Trusted*Path • Verify(secure(bootloader image(using(RSA(public(key(stored(in( eFuse. • Secure(bootloader is(responsible(for(ensuring(the(secure(load(of(the( ICEs. • Use(some(signal(that(only(be(controlled(by(TDC(to(indicate(a( successful(switching. 23

  24. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 24

  25. Switching*time 25

  26. Switching*time 26

  27. Execution*time 27

  28. Other*evaluation 28

  29. More*than*two*ICEs • Additional(time(to(copy(the(ICE(into(ICE(runtime(environment. • 2.85ms(for(the(encryption(ICE(and(68.44ms(for(the(interface(ICE . • Maybe(hardware(platform(can(provide(a(flexible(Watermark( solution. 29

  30. Contents 1.(Introduction 2.(Motivation 3.(Implementation 4.(Evaluation 5.(Conclusion 30

  31. Conclusion • TrustICE:(HardwareHassisted(Isolated(Computing(Environments( on(Mobile(Devices. • Security • Flexibility • Small(TCB(and(low(overhead. • TDC(and(ICE(are(relative(small. • Low(performance(overhead(while(amount(of(ICE(is(below(2. 31

  32. Reference • H.(Sun,(K.(Sun,(Y.(Wang,(J.(Jing,(and(H.(Wang,(“TrustICE:(HardwareH assisted(Isolated(CompuMng Environments(on(Mobile(Devices,”(in( Proceedings(of(the(45th(Annual(IEEE/IFIP(InternaMonal Conference(on( Dependable(Systems(and(Networks((DSN’15),(June(22H25,(2015.( 32

  33. Thank(you! 33

Recommend

zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web

zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web

zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web Computing: Connected, Scalable but Overwhelming With no simple approach to creating small cloud programs... many cloud ideas simply dont get

68 views • 6 slides
A Homotopy Method for Computing All Isolated Solvents of the Quadratic Matrix Equation AX 2 + BX +

A Homotopy Method for Computing All Isolated Solvents of the Quadratic Matrix Equation AX 2 + BX +

Introduction Homotopy method for quadratic matrix equation More results for special problems Numerical results and conclusion A Homotopy Method for Computing All Isolated Solvents of the Quadratic Matrix Equation AX 2 + BX + C = 0 Yongwen Hou

683 views • 44 slides
EMISSIONS OF GREENHOUSE GASES FROM THE ISOLATED WETLANDS OF OB-TOM INTERFLUVE AREA Egor

EMISSIONS OF GREENHOUSE GASES FROM THE ISOLATED WETLANDS OF OB-TOM INTERFLUVE AREA Egor

EMISSIONS OF GREENHOUSE GASES FROM THE ISOLATED WETLANDS OF OB-TOM INTERFLUVE AREA Egor A. Dyukarev Evgenia A. Golovatskaya Elena E. Veretennikova Isolated wetlands n An isolated wetland does not have a formal definition, but rather

467 views • 19 slides
Brownian motion with variable drift can have drift can have isolated zeros isolated zeros

Brownian motion with variable drift can have drift can have isolated zeros isolated zeros

Brownian motion with variable Brownian motion with variable drift can have drift can have isolated zeros isolated zeros Julia Ruscher Introduction Julia Ruscher Isolated zeros Technical University of Berlin Hausdorff dimension

1.01k views • 73 slides
State of the Art and Future Trends in Grid Codes Applicable to Isolated Electrical Systems J.

State of the Art and Future Trends in Grid Codes Applicable to Isolated Electrical Systems J.

State of the Art and Future Trends in Grid Codes Applicable to Isolated Electrical Systems J. Merino C. Veganzones Technical University of Madrid o Introduction o Characterization Of Voltage And Frequency Disturbances In Isolated Power

357 views • 16 slides
lecture 20 Input / Output (I/O) 2 - isolated vs. memory mapped I/O - program controlled

lecture 20 Input / Output (I/O) 2 - isolated vs. memory mapped I/O - program controlled

lecture 20 Input / Output (I/O) 2 - isolated vs. memory mapped I/O - program controlled I/O: polling - direct memory access (DMA) Wed. March 23, 2016 Isolated I/O In MARS simulator of MIPS, we uses syscall for I/O e.g.

831 views • 32 slides
Universality in the equilibration of Universality in the equilibration of isolated systems after

Universality in the equilibration of Universality in the equilibration of isolated systems after

Universality in the equilibration of Universality in the equilibration of isolated systems after a small quench isolated systems after a small quench Lorenzo Campos Venuti University of Southern California, Los Angeles Paolo Zanardi (USC)

222 views • 18 slides
Entanglement and thermodynamics in non-equilibrium isolated quantum systems Pasquale Calabrese

Entanglement and thermodynamics in non-equilibrium isolated quantum systems Pasquale Calabrese

Entanglement and thermodynamics in non-equilibrium isolated quantum systems Pasquale Calabrese SISSA-Trieste Rome, Feb 16th 2018 Joint work with Vincenzo Alba PNAS 114 , 7947 (2017) & more Isolated systems out of equilibrium Quantum

450 views • 30 slides
Computing the Multiplicity Structure from Geometric Involutive Form Xiaoli Wu and Lihong Zhi Key

Computing the Multiplicity Structure from Geometric Involutive Form Xiaoli Wu and Lihong Zhi Key

Computing the Multiplicity Structure from Geometric Involutive Form Xiaoli Wu and Lihong Zhi Key Laboratory of Mathematics Mechanization Chinese Academy of Sciences Outline Compute an isolated primary component Bates etc.06, Corless

838 views • 58 slides
LICENSING OF SEISMICALLY ISOLATED NPPS IN THE USA

LICENSING OF SEISMICALLY ISOLATED NPPS IN THE USA

LICENSING OF SEISMICALLY ISOLATED NPPS IN THE USA Regulatory challenges and guidance Annie Kammerer & Andrew WhiHaker SMiRT Special Session on

709 views • 36 slides
Quantum Quantum Architectures Architectures June 1, 2005 June 1, 2005 Computing? Computing?

Quantum Quantum Architectures Architectures June 1, 2005 June 1, 2005 Computing? Computing?

Quantum Quantum Architectures Architectures June 1, 2005 June 1, 2005 Computing? Computing? e of computing devices that exhibit quantu e of computing devices that exhibit quantu chanical behavior chanical behavior ehavior of isolated

532 views • 28 slides
Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire

Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire

Signal machines : localization of isolated accumulation Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire dInformatique Fondamentale dOrlans, Universit dOrlans, Orlans, FRANCE 6 mars 2011

553 views • 39 slides
CSC 6991: Using Hardware Isolated Execu;on Environments for

CSC 6991: Using Hardware Isolated Execu;on Environments for

CSC 6991: Using Hardware Isolated Execu;on Environments for Securing Systems Fengwei Zhang Wayne State University CSC 6991 Advanced Computer Security 1

302 views • 19 slides
The Potential Immunomodulatory Effect of L. rhamnosus TW2 & L. plantarum TW14 Isolated from

The Potential Immunomodulatory Effect of L. rhamnosus TW2 & L. plantarum TW14 Isolated from

Nurheni Sri Palupi 1,2 , Triana Setyawardani 3 , Winiati P Rahayu 1,2 The Potential Immunomodulatory Effect of L. rhamnosus TW2 & L. plantarum TW14 Isolated from Local Goat Milk and Their Incorporation in Cheese 1) Department of Food Science

1.04k views • 15 slides
Probiotic and technological characteristics of microorganisms isolated from a natural ecosystem,

Probiotic and technological characteristics of microorganisms isolated from a natural ecosystem,

Probiotic and technological characteristics of microorganisms isolated from a natural ecosystem, the Kefir grain. - CIDCA UNL P - Ctedra de Microbiologa General, Facultad de Ciencias Exactas, UNLP Graciela L. De Antoni - CIC-PBA -

613 views • 20 slides
Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8) , zfs(8) and nfsd(8)

Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8) , zfs(8) and nfsd(8)

Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8) , zfs(8) and nfsd(8) editor@callfortesting.org @MichaelDexter BSDCan 2018 Jails and bhyve FreeBSDs had Isolation since 2000 and Virtualization since 2014 Why

1.13k views • 76 slides
Outline Isolated Congenital Diaphragmatic Hernia Prenatal diagnosis & prediction of

Outline Isolated Congenital Diaphragmatic Hernia Prenatal diagnosis & prediction of

20-3-2012 Prenatal management of the fetus with isolated Congenital Diaphragmatic Hernia Jan Deprest Center for Fetal Medicine Department Woman and Child, Division Woman University Hospitals Leuven Leuven, Belgium On behalf of the FETO consortium A

580 views • 13 slides
Isolated cases of remote dynamic triggering in Canada detected

Isolated cases of remote dynamic triggering in Canada detected

Isolated cases of remote dynamic triggering in Canada detected using cataloged earthquakes combined with a matched-filter approach Bei Wang 1 , Rebecca M.

287 views • 16 slides
Appropriate wireless technologies for extending 3G coverage to isolated rural communities

Appropriate wireless technologies for extending 3G coverage to isolated rural communities

Appropriate wireless technologies for extending 3G coverage to isolated rural communities Javier Sim URJC GAIA-2 October 21st, 2014 Context analysis Remote rural areas arise little interest to operators due to: Low density of

509 views • 21 slides
An Algorithm for Determining Intro to problem the Endpoints for Isolated Solution

An Algorithm for Determining Intro to problem the Endpoints for Isolated Solution

Outline An Algorithm for Determining Intro to problem the Endpoints for Isolated Solution Utterances Algorithm Summary L.R. Rabiner and M.R. Sambur The Bell System Technical Journal , Vol. 54, No. 2, Feb. 1975, pp. 297-315

65 views • 4 slides
An Algorithm for Determining the Endpoints for Isolated Intro to problem Solution

An Algorithm for Determining the Endpoints for Isolated Intro to problem Solution

Outline An Algorithm for Determining the Endpoints for Isolated Intro to problem Solution Utterances Algorithm Summary L.R. Rabiner and M.R. Sambur The Bell System Technical Journal , Vol. 54, No. 2, Feb. 1975, pp. 297-315

88 views • 4 slides
Identification, characterization, and functional assessments of isolated wetlands Dyukarev E.A.

Identification, characterization, and functional assessments of isolated wetlands Dyukarev E.A.

Identification, characterization, and functional assessments of isolated wetlands Dyukarev E.A. 1 , Gordov E.P. 1 , Dyukarev A.G. 1 , Autrey B. 2 , Lane C.R. 2 1 institute of Monitoring of Climatic and Ecological Systems SB RAS, Tomsk, Russia 2

374 views • 22 slides
Debate: 33-Year-Old Yoga Lover, Former Ballet Professional with an Isolated ACL Tear Pro:

Debate: 33-Year-Old Yoga Lover, Former Ballet Professional with an Isolated ACL Tear Pro:

Orthopaedic Summit 2017 Debate: 33-Year-Old Yoga Lover, Former Ballet Professional with an Isolated ACL Tear Pro: Hamstring Autograft is the Way to Go! Kevin F. Bonner, M.D. Jordan-Young Institute, Virginia Beach, VA Assistant Professor,

446 views • 23 slides
OUR DISTRICT 12 isolated villages located along the Alaska Peninsula Extremely limited

OUR DISTRICT 12 isolated villages located along the Alaska Peninsula Extremely limited

OUR DISTRICT 12 isolated villages located along the Alaska Peninsula Extremely limited access: Non- Road System Yupik Eskimo, Athabascan Indian, and Aleut A mere 1,631 people across our Borough Approximately 315 students in

438 views • 5 slides

More recommend