RusTEE: Developing Memory-Safe ARM TrustZone Applications

Wan, Shengye; Sun, Mingshen; Sun, Kun; Zhang, Ning; He, Xu

doi:10.1145/3427228.3427262

Cited by 25 publications

(13 citation statements)

References 23 publications

(32 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on TF‐Encrypt 36 and the Teaclave 37 framework, our experiments were performed on an Ubuntu 18.04 version system equipped with Intel Core i5‐8300H 2.30 GHz CPU and 16 GB RAM. The experimental data in this study are MNIST 38 and SVHN 39 data set.…”

Section: Methodsmentioning

confidence: 99%

Privacy‐enhancing machine learning framework with private aggregation of teacher ensembles

Zhao

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

Private aggregation of teacher ensembles (PATE), a general machine learning framework based on knowledge distillation, can provide a privacy guarantee for training data sets. However, this framework poses a number of security risks. First, PATE mainly focuses | INTRODUCTIONMachine learning (ML) has been widely used in computer vision, natural language processing, genomics, and other fields. In recent years, however, the emergence of privacy leakage issues has adversely affected the practical application of ML, where highly sensitive data, such as medical record data, 1 is used for training models. Some recent studies have shown that ML algorithms are extremely vulnerable to malicious attacks. Considering that an ML model implies some pieces of information of the training data, an attacker can use this property to analyze the model parameters or output, and eventually derive partially or fully private information about the training data. For example, Tramer et al. 2 deployed a model extraction attack on the online machine learning as a service (MLaaS) of Google and Amazon, and they successfully obtained a model similar to the original one. Fredrikson et al. 3 identified the original training data by analyzing the probability information output through the model classifier. The member inference attack designed by Shorki et al. 4 can determine whether a specific data sample is present in the model training data set on the basis of the prediction result.To solve privacy risks brought by the aforementioned attacks, Papernot et al. 5,6 proposed a privacy-preserving model called private aggregation of teacher ensembles (PATE) on the basis of multiteacher knowledge transfer. The core idea of PATE is as follows: if independent classifiers that are trained on disjoint data sets show a high degree of consistency for the same input, then the output will not leak any information about the training data. Therefore, PATE first divides a private data set into multiple disjoint subsets and trains a set of teacher models on these subsets. Then, the knowledge of the teacher models is transferred to a student model through an aggregation mechanism that satisfies differential privacy; that is, all teacher models predict the label for the public data set submitted by a student. In the end, only the student model gets published after training on public data with privacy-preserving labels obtained from teachers. An adversary can only have access to the student model, and thus, the privacy of the training data of the teacher models gets protected.Although PATE provides a flexible approach to the training model with privacy guarantees, it still suffers from several limitations and shortcomings. 7 First, PATE assumes that the data submitted by a student is always public without anything sensitive. That is to say, PATE cannot provide a privacy guarantee at all when the data provided by the student model is private. When teacher models prepare to make predictions on a student's private inputs, information of the data may be leaked directly t...

show abstract

Section: Methodsmentioning

confidence: 99%

Privacy‐enhancing machine learning framework with private aggregation of teacher ensembles

Zhao

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

show abstract

“…[34]. Many researchers have utilized OP-TEE to evaluate their TEE prototype [35,36]. We provide an implementation of TrustControl based on the OP-TEE project.…”

Section: Remote Dynamic Code Injectionmentioning

confidence: 99%

TrustControl: Trusted Private Data Usage Control Based on Security Enhanced TrustZone

Lei¹,

Li²,

Li³

et al. 2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

The past decade has seen the rapid development of data in many areas. Data has enormous commercial potential as a new strategic resource that may efficiently boost technical growth and service innovation. However, individuals are becoming increasingly concerned about data misuse and leaks. To address these issues, in this paper, we propose TrustControl, a trusted data usage control system to control, process, and protect data usage without revealing privacy. A trusted execution environment (TEE) is exploited to process confidential user data. First of all, we design a secure and reliable remote attestation mechanism for ARM TrustZone, which can verify the security of the TEE platform and function code, thus guaranteeing data processing security. Secondly, to address the security problem that the raw data may be misused, we design a remote dynamic code injection method to regulate that data can only be processed for the expected purpose. Our solution focuses on protecting the sensitive data of the data owner and the function code of the data user to prevent data misuse and leakage. Furthermore, we implement the prototype system of TrustControl on TrustZone-enabled hardware. Real-world experiment results demonstrate that the proposed Trust-Control is secure and the performance overhead of introducing our prototype system is very low.

show abstract

“…Another solution is to make use of the latest hardware-enabled virtualization feature in the TrustZone, which is available from ARMv8.4-A [26]. Alternatively, it is also possible to write the driver using memory-safe languages such as Rust [52]. Regardless of the mitigation technique that can be adapted to harden the secure world, the design of TZNIC remains effective in providing the secure world a configurable level of access to the peripherals in the normal world.…”

Section: Limitations and Future Workmentioning

confidence: 99%

Remotely controlling TrustZone applications? A study on securely and resiliently receiving remote commands

Wan

Sun

Zhang

et al. 2021

Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Self Cite

View full text Add to dashboard Cite

Mobile devices are becoming an indispensable part of work for corporations and governments to store and process sensitive information. Thus, it is important for remote administrators to maintain control of these devices via Mobile Device Management (MDM) solutions. ARM TrustZone has been widely regarded as the de facto solution for protecting the security-sensitive software, such as MDM agents, from attacks of a compromised rich OS. However, little attention has been given to protecting the MDM control channel, a fundamental component for a remote administrator to invoke the TrustZone-based MDM agents and perform specific management operations. In this work, we design an ARM TrustZone-based network mechanism, called TZNIC, towards enabling resilient and secure access to TrustZone-based software, even in the presence of a malicious rich OS. TZNIC deploys two NIC drivers, one secureworld driver and one normal-world driver, multiplexing one physical NIC. We utilize the ARM TrustZone-based high privilege to protect the secure-world driver and further resolve several challenges on sharing one set of hardware peripherals between two isolated software environments. TZNIC does not require any changes or collaboration of the rich OS. We implement a prototype of TZNIC, and the evaluation results show that TZNIC can provide a reliable network channel to invoke the security software in the secure world, with minimal system overhead on the rich OS. CCS CONCEPTS• Security and privacy → Mobile and wireless security; Mobile platform security.

show abstract

RusTEE: Developing Memory-Safe ARM TrustZone Applications

Cited by 25 publications

References 23 publications

Privacy‐enhancing machine learning framework with private aggregation of teacher ensembles

Privacy‐enhancing machine learning framework with private aggregation of teacher ensembles

TrustControl: Trusted Private Data Usage Control Based on Security Enhanced TrustZone

Remotely controlling TrustZone applications? A study on securely and resiliently receiving remote commands

Contact Info

Product

Resources

About