CSIS logoCenter for Secure Information Systems

Securing the World's Cyber Infrastructure

Aerial View of the George Mason Fairfax Campus

CSIS Seminar

Hardware-assisted Trusted Execution Environments on ARM Processors

Speaker:   Dr. Kun Sun
When:   Friday, April 1, 2016, 11:00am - 12:00pm
Where:   Engineering Building, Room 4801


Smartphones have been widely used to process sensitive data and perform important transactions. ARM introduces TrustZone as a hardware security extension to protect secure code from insecure code by separating them into two isolated execution domains. In this talk, we present three of our studies on how to use TrustZone technology to enhance smartphone security. First, we develop TrustOTP, a secure one-time password solution that can achieve both the flexibility of software tokens and the security of hardware tokens. TrustOTP can not only protect the confidentiality of the OTPs against a malicious mobile OS, but also guarantee reliable OTP generation and trusted OTP display when the mobile OS is compromised or even crashes. Second, we propose a novel isolation framework named TrustICE to create isolated computing environments (ICEs) in the normal domain. TrustICE securely isolates the secure code in an ICE from an untrusted Rich OS in the normal domain. The trusted computing base (TCB) of TrustICE remains small and unchanged regardless of the amount of secure code being protected. Third, we present the design and development of a cache-assisted secure execution framework, called CaSE, on ARM processors to defend against sophisticated attackers who can launch multi-vector attacks including software attacks and hardware memory disclosure attacks. To protect the sensitive code and data against cold boot attack, applications are encrypted in memory and decrypted only within the processor cache for execution. The memory separation and the cache separation provided by TrustZone are used to protect the cached applications against compromised OS.

Speaker Bio

Dr. Kun Sun is an assistant professor in the Department of Computer Science at College of William and Mary. He received his Ph.D. in Computer Science from North Carolina State University in 2006. His research focuses on systems and network security. Dr. Sun has more than 10 years working experience in both industry and academia. He has more than 50 publications and 2 patents. Before joining W&M, he was a Research Professor in George Mason University. Before that, he was a Senior Research Scientist in Intelligent Automation Inc. at Rockville Maryland. He was a Member of the Technical Staff at Bell Labs, Lucent Technology in 2000. His current research focuses on trustworthy computing environment, moving target defense, smart phone security, and password management.