T2Droid: A TrustZone-Based Dynamic Analyser for Android Applications

“…Protection for flow tracking application [59] Trusted framework to develop IoT applications [36] Protection for health data [73] Secure architecture for P2P scenarios [24] Protection for edge computing [63] Comparison between TEE and secure multi-party computation application [62] Protection for video application [46], [69] Secure logger [13], [76] Protection for system analyser [49] Societal model for IoT security [68] Protection for location-based services [60] Trusted auditor [47] Protection for data dissemination [61] Data encryption mechanism [56] Protection for data management [14] Data protection (app) [71] Protection for data aggregation (app) [75] Checker for Industrial gateway communications [52] Lightweithg anonymous authentication [25] Remote attestation mechanism [38] Device snapshot authentication system [32] Control-flow attestation [37] Authentication scheme [58] Remote attestation and channel protection [44] Secure authentication and key distribution [67] Boot attestation [53] Protection for data through authentication [50] Protection and attestation for remote terminal [65] Device private keys protection architecture [28] Remote attestation [64] Keys derivation from device characteristics [31] Authenticity detection service [40] Keys protection against cold boot attacks [55] Cache rootkit exploiting TrustZone [35] vendors, e.g., ARM and Intel, already present many of the general advantages, such as hardware isolation (normal world and the secure world) and mem...…”

“…According to Zhang et al [35], the incoherence between cache in the normal and secure worlds is a disadvantage related to TrustZone since someone can explore it as a vulnerability. Although some works presented low overheads, some authors consider that some operations with TEEs present high performance overhead [44], [49], e.g., when using the SGX monotonic counter [13], or high power consumption overhead [47]. For others, the need to use specific hardware is also considered a disadvantage [75].…”

Systematic Literature Review on the Use of Trusted Execution Environments to Protect Cloud/Fog-Based Internet of Things Applications

“…Protection for flow tracking application [59] Trusted framework to develop IoT applications [36] Protection for health data [73] Secure architecture for P2P scenarios [24] Protection for edge computing [63] Comparison between TEE and secure multi-party computation application [62] Protection for video application [46], [69] Secure logger [13], [76] Protection for system analyser [49] Societal model for IoT security [68] Protection for location-based services [60] Trusted auditor [47] Protection for data dissemination [61] Data encryption mechanism [56] Protection for data management [14] Data protection (app) [71] Protection for data aggregation (app) [75] Checker for Industrial gateway communications [52] Lightweithg anonymous authentication [25] Remote attestation mechanism [38] Device snapshot authentication system [32] Control-flow attestation [37] Authentication scheme [58] Remote attestation and channel protection [44] Secure authentication and key distribution [67] Boot attestation [53] Protection for data through authentication [50] Protection and attestation for remote terminal [65] Device private keys protection architecture [28] Remote attestation [64] Keys derivation from device characteristics [31] Authenticity detection service [40] Keys protection against cold boot attacks [55] Cache rootkit exploiting TrustZone [35] vendors, e.g., ARM and Intel, already present many of the general advantages, such as hardware isolation (normal world and the secure world) and mem...…”

“…According to Zhang et al [35], the incoherence between cache in the normal and secure worlds is a disadvantage related to TrustZone since someone can explore it as a vulnerability. Although some works presented low overheads, some authors consider that some operations with TEEs present high performance overhead [44], [49], e.g., when using the SGX monotonic counter [13], or high power consumption overhead [47]. For others, the need to use specific hardware is also considered a disadvantage [75].…”

Systematic Literature Review on the Use of Trusted Execution Environments to Protect Cloud/Fog-Based Internet of Things Applications

“…Recently, a few researchers have attempted to build malicious code detection services in the secure world directly. T2Droid [22] is a malware dynamic analysis scheme on Android-based mobile devices, which attempts to deploy the APK detection program into the TEE for a higher-privilege detector. T2Droid sharply increases the trusted computing base of the secure world, which consequently increases the risk of having security vulnerabilities.…”

“…Generally, being a component that needs to be updated frequently, the detector has a complex iterative check mechanism which will not only increases the risk of compromise but also can not guarantee its timeliness. Sileshi D. Y. et al [22] proposed that the use of complex integrity verification protocols for detector running in the non-secure world would introduce the competition of modifying files multiple times. In order to implement a detector in the non-secure world, HE-TEEMD uses the homomorphism and randomness of the ciphertext to reduce the security requirements of the detector.…”

Malicious Code Detection for Trusted Execution Environment Based on Paillier Homomorphic Encryption

“…Current dynamic malware analysis methods can be divided into four classes: (1) hooking methods, (2) emulation methods, (3) hypervisor-based methods, and (4) bare-metal based methods. Hooking methods (Willems et al 2007;Guarnieri and Fernandes 2010;Yalew et al 2017) perform inline overwriting of API code directly in the process memory. Therefore, the malware attempts to use any of the Windows APIs can be monitored.…”

Hypervisor-assisted dynamic malware analysis