[1] APPLE. Apple Pay Component Security[EB/OL]. 2022. https://support.apple.com/en-ie/guide/security/sec2561eb018/1/web/1.
[2] APPLE. About Face ID Advanced Technology[EB/OL]. 2022. https://support.apple.com/en-gb/HT208108.
[3] DECENTRIQ. Confidential ML Inference[EB/OL]. 2020. https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4C5kr.
[4] CHETTY M, REN J. Secured AI Model Inferencing at the Edge with Intel Developer Cloud for Edge Workloads[EB/OL]. 2022. https://www.intel.com/content/www/us/en/developer/articles/technical/secured-ai-model-inferencing-at-the-edge.html.
[5] CONCLAVE. Conclave Cloud User Guide[EB/OL]. 2022. https://r3conclave.github.io/ccl-documentation/.
[6] ARM. Arm TrustZone Technology[EB/OL]. 2008. https://www.arm.com/technologies/trustzone-for-cortex-a.
[7] GLOBALPLATFORM. TEE Management Framework (version 1.0)[EB/OL]. 2016. https://www.globalplatform.org/specificationform.asp?fid=7866.
[8] ARM. Arm Confidential Compute Architecture[EB/OL]. 2021. https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture.
[9] HUA Z, GU J, XIA Y, et al. vTZ: Virtualizing ARM TrustZone[C/OL]//26th USENIX Security Symposium (USENIX Security 17). Vancouver, BC: USENIX Association, 2017: 541-556. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/hua.
[10] LI D, MI Z, XIA Y, et al. TwinVisor: Hardware-isolated Confidential Virtual Machines for ARM[C/OL]//Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles CD-ROM. Virtual Event Germany: ACM, 2021: 638-654 [2022-03-27]. https://dl.acm.org/doi/10.1145/3477132.3483554.
[11] SUN L, WANG S, WU H, et al. LEAP: TrustZone Based Developer-Friendly TEE for Intelligent Mobile Apps[J/OL]. IEEE Transactions on Mobile Computing, 2022: 1-18. DOI: 10.1109/TMC.2022.3207745.
[12] SUN H, SUN K, WANG Y, et al. TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices[C/OL]//2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. 2015: 367-378. DOI: 10.1109/DSN.2015.11.
[13] BRASSER F, GENS D, JAUERNIG P, et al. SANCTUARY: ARMing TrustZone with User-space Enclaves[C/OL]//Proceedings 2019 Network and Distributed System Security Symposium. San Diego, CA: Internet Society, 2019 [2022-03-27]. https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01A-1_Brasser_paper.pdf. DOI: 10.14722/ndss.2019.23448.
[14] LI W, XIA Y, LU L, et al. TEEv: Virtualizing Trusted Execution Environments on Mobile Platforms[C/OL]//VEE 2019: Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. New York, NY, USA: Association for Computing Machinery, 2019: 2-16. https://doi.org/10.1145/3313808.3313810.
[15] KWON D, SEO J, CHO Y, et al. PrOS: Light-Weight Privatized Secure OSes in ARM TrustZone[J/OL]. IEEE Transactions on Mobile Computing, 2020, 19(6): 1434-1447. DOI: 10.1109/TMC.2019.2910861.
[16] PROJECT ZERO. Trust Issues: Exploiting TrustZone TEEs[EB/OL]. 2017. https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html.
[17] CERDEIRA D, MARTINS J, SANTOS N, et al. ReZone: Disarming TrustZone with TEE Privilege Reduction[C/OL]//31st USENIX Security Symposium (USENIX Security 22). Boston, MA: USENIX Association, 2022: 2261-2279. https://www.usenix.org/conference/usenixsecurity22/presentation/cerdeira.
[18] FERRAIUOLO A, BAUMANN A, HAWBLITZEL C, et al. Komodo: Using verification to disentangle secure-enclave hardware from software[C/OL]//Proceedings of the 26th Symposium on Operating Systems Principles. Shanghai China: ACM, 2017: 287-305 [2022-03-27]. https://dl.acm.org/doi/10.1145/3132747.3132782.
[19] ZHAO S, ZHANG Q, QIN Y, et al. SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE[C/OL]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. London United Kingdom: ACM, 2019: 1723-1740 [2022-03-27]. https://dl.acm.org/doi/10.1145/3319535.3363205.
[20] AZAB A, SWIDOWSKI K, BHUTKAR R, et al. SKEE: A Lightweight Secure Kernel-level Execution Environment for ARM[C/OL]//Proceedings 2016 Network and Distributed System Security Symposium. San Diego, CA: Internet Society, 2016 [2022-03-27]. https://www.ndss-symposium.org/wp-content/uploads/2017/09/skee-lightweight-secure-kernel-level-execution-environment-for-arm.pdf. DOI: 10.14722/ndss.2016.23009.
[21] HAN S, JANG J. MyTEE: Own the Trusted Execution Environment on Embedded Devices[C/OL]//30th Annual Network and Distributed System Security Symposium, NDSS 2023, San Diego, California, USA, February 27 - March 3, 2023. The Internet Society, 2023. https://www.ndss-symposium.org/ndss-paper/mytee-own-the-trusted-execution-environment-on-embedded-devices/.
[22] WANG J, SUN K, LEI L, et al. CacheIEE: Cache-assisted Isolated Execution Environment on ARM Multi-Core Platforms[J/OL]. IEEE Transactions on Dependable and Secure Computing, 2023: 1-16. DOI: 10.1109/TDSC.2023.3251418.
[23] ZHANG Y, HU Y, NING Z, et al. SHELTER: Extending Arm CCA with Isolation in User Space[C/OL]//32nd USENIX Security Symposium (USENIX Security 23). Anaheim, CA: USENIX Association, 2023: 6257-6274. https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-yiming.
[24] SRIDHARA S, BERTSCHI A, SCHLÜTER B, et al. ACAI: Protecting Accelerator Execution with Arm Confidential Computing Architecture: arXiv:2305.15986[M/OL]. arXiv, 2023 [2023-12-08]. http://arxiv.org/abs/2305.15986. DOI: 10.48550/arXiv.2305.15986.
[25] WANG C, ZHANG F, DENG Y, et al. CAGE: Complementing Arm CCA with GPU Extensions[C/OL]//Proceedings 2024 Network and Distributed System Security Symposium. San Diego, CA, USA: Internet Society, 2024 [2024-04-01]. https://www.ndss-symposium.org/wp-content/uploads/2024-763-paper.pdf. DOI: 10.14722/ndss.2024.24763.
[26] LINARO. Open Portable Trusted Execution Environment[EB/OL]. 2020. https://www.op-tee.org/.
[27] BEHRANG. A software level analysis of TrustZone OS and trustlets in Samsung Galaxy phone[EB/OL]. 2013. https://www.sensepost.com/blog/2013/a-software-level-analysis-of-trustzone-os-and-trustlets-in-samsung-galaxy-phone/.
[28] BUSCH M, WESTPHAL J, MÜLLER T. Unearthing the TrustedCore: a critical review on Huawei's trusted execution environment[C]//WOOT'20: Proceedings of the 14th USENIX Conference on Offensive Technologies. USA: USENIX Association, 2020.
[29] KHALID F, MASOOD A. Vulnerability analysis of Qualcomm Secure Execution Environment (QSEE)[J/OL]. Computers & Security, 2022, 116: 102628. https://www.sciencedirect.com/science/article/pii/S016740482200027X. DOI: 10.1016/j.cose.2022.102628.
[30] COSTAN V, DEVADAS S. Intel SGX Explained[J]. IACR Cryptol. ePrint Arch., 2016, 2016: 86.
[31] NGABONZIZA B, MARTIN D, BAILEY A, et al. TrustZone Explained: Architectural Features and Use Cases[C/OL]//2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC). 2016: 445-451. DOI: 10.1109/CIC.2016.065.
[32] KAPLAN D, POWELL J, WOLLER T. AMD Memory Encryption[R]. White paper, 2016.
[33] KOTNI S, NAYAK A, GANAPATHY V, et al. Faastlane: Accelerating Function-as-a-Service Workflows[C]//USENIX Annual Technical Conference (USENIX ATC). 2021.
[34] VAHLDIEK-OBERWAGNER A, ELNIKETY E, DUARTE N O, et al. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)[C]//28th USENIX Security Symposium (USENIX Security). 2019.
[35] NARAYANAN V, HUANG Y, TAN G, et al. Lightweight kernel isolation with virtualization and VM functions[C/OL]//VEE '20: Proceedings of the 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. New York, NY, USA: Association for Computing Machinery, 2020: 157-171. https://doi.org/10.1145/3381052.3381328.
[36] AMD. SEV-SNP: Strengthening VM Isolation with Integrity Protection and More[EB/OL]. 2023. https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf.
[37] KAPLAN D. AMD x86 Memory Encryption Technologies[C]//Austin, TX: USENIX Association, 2016.
[38] AMD. Extending Secure Encrypted Virtualization with SEV-ES[EB/OL]. 2023. https://events19.linuxfoundation.org/wp-content/uploads/2017/12/Extending-Secure-Encrypted-Virtualization-with-SEV-ES-Thomas-Lendacky-AMD.pdf.
[39] JIA Y, LIU S, WANG W, et al. HyperEnclave: An Open and Cross-platform Trusted Execution Environment[C]//2022 USENIX Annual Technical Conference (USENIX ATC). 2022.
[40] COSTAN V, LEBEDEV I, DEVADAS S. Sanctum: Minimal hardware extensions for strong software isolation[C]//25th USENIX Security Symposium (USENIX Security). 2016.
[41] BAHMANI R, BRASSER F, DESSOUKY G, et al. CURE: A Security Architecture with CUstomizable and Resilient Enclaves[C/OL]//30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 2021: 1073-1090. https://www.usenix.org/conference/usenixsecurity21/presentation/bahmani.
[42] FENG E, LU X, DU D, et al. Scalable Memory Protection in the PENGLAI Enclave[C/OL]//15th USENIX Symposium on Operating Systems Design and Implementation (OSDI 21). USENIX Association, 2021: 275-294. https://www.usenix.org/conference/osdi21/presentation/feng.
[43] WEISER S, WERNER M, BRASSER F, et al. TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V[C]//NDSS. 2019.
[44] LEE D, KOHLBRENNER D, SHINDE S, et al. Keystone: an open framework for architecting trusted execution environments[C/OL]//Proceedings of the Fifteenth European Conference on Computer Systems. Heraklion Greece: ACM, 2020: 1-16 [2022-03-27]. https://dl.acm.org/doi/10.1145/3342195.3387532.
[45] ARM. ARM CoreLink TZC-400 TrustZone Address Space Controller[EB/OL]. 2013. https://developer.arm.com/documentation/ddi0504/c/DDI0504C_tzc400_r0p1_trm.pdf.
[46] ARM. Arm System Memory Management Unit Architecture Specification, SMMU architecture version 3[EB/OL]. 2023. https://developer.arm.com/documentation/ihi0070/latest/.
[47] ARM. Arm Realm Management Extension System Architecture[EB/OL]. 2022. https://developer.arm.com/documentation/den0129/ad.
[48] BENIAMINI G. Unlocking the Motorola Bootloader[EB/OL]. 2016. http://bits-please.blogspot.com/2016/02/unlocking-motorola-bootloader.html.
[49] CHEN Z, VASILAKIS G, MURDOCK K, et al. VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface[C/OL]//30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 2021: 699-716. https://www.usenix.org/conference/usenixsecurity21/presentation/chen-zitai.
[50] CUI A, HOUSLEY R. BADFET: Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault Injection[C/OL]//USENIX Workshop on Offensive Technologies (WOOT 17). 2017. https://www.usenix.org/conference/woot17/workshop-program/presentation/cui.
[51] YITBAREK S F, AGA M T, DAS R, et al. Cold Boot Attacks are Still Hot: Security Analysis of Memory Scramblers in Modern Processors[C/OL]//2017 IEEE International Symposium on High Performance Computer Architecture (HPCA). 2017: 313-324 [2023-12-07]. https://ieeexplore.ieee.org/document/7920835. DOI: 10.1109/HPCA.2017.10.
[52] LEE D, JUNG D, FANG I T, et al. An Off-Chip Attack on Hardware Enclaves via the Memory Bus[C/OL]//29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2020: 487-504. https://www.usenix.org/conference/usenixsecurity20/presentation/lee-dayeol.
[53] YAROM Y, FALKNER K. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack[C/OL]//23rd USENIX Security Symposium (USENIX Security 14). San Diego, CA: USENIX Association, 2014: 719-732. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom.
[54] OSVIK D A, SHAMIR A, TROMER E. Cache Attacks and Countermeasures: The Case of AES[M/OL]//HUTCHISON D, KANADE T, KITTLER J, et al. Topics in Cryptology – CT-RSA 2006: Vol. 3860. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006: 1-20 [2023-12-07]. http://link.springer.com/10.1007/11605805_1.
[55] GRUSS D, MAURICE C, WAGNER K, et al. Flush+Flush: A Fast and Stealthy Cache Attack[C/OL]//CABALLERO J, ZURUTUZA U, RODRÍGUEZ R J. Lecture Notes in Computer Science: Detection of Intrusions and Malware, and Vulnerability Assessment. Cham: Springer International Publishing, 2016: 279-299. DOI: 10.1007/978-3-319-40667-1_14.
[56] GRUSS D, SPREITZER R, MANGARD S. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches[C/OL]//24th USENIX Security Symposium (USENIX Security 15). Washington, D.C.: USENIX Association, 2015: 897-912. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/gruss.
[57] KIRIANSKY V, LEBEDEV I, AMARASINGHE S, et al. DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors[C/OL]//2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). 2018: 974-987. DOI: 10.1109/MICRO.2018.00083.
[58] ORENBACH M, BAUMANN A, SILBERSTEIN M. Autarky: closing controlled channels with self-paging enclaves[C/OL]//Proceedings of the Fifteenth European Conference on Computer Systems. Heraklion Greece: ACM, 2020: 1-16 [2023-12-07]. https://dl.acm.org/doi/10.1145/3342195.3387541.
[59] SHIH M W, LEE S, KIM T, et al. T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs[C/OL]//Proceedings 2017 Network and Distributed System Security Symposium. San Diego, CA: Internet Society, 2017 [2023-12-07]. https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/t-sgx-eradicating-controlled-channel-attacks-against-enclave-programs/. DOI: 10.14722/ndss.2017.23193.
[60] BOURGEAT T, LEBEDEV I, WRIGHT A, et al. MI6: Secure Enclaves in a Speculative Out-of-Order Processor[C/OL]//Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture. Columbus OH USA: ACM, 2019: 42-56 [2023-12-07]. https://dl.acm.org/doi/10.1145/3352460.3358310.
[61] YAN M, CHOI J, SKARLATOS D, et al. InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy[C/OL]//2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). Fukuoka: IEEE, 2018: 428-441 [2023-12-07]. https://ieeexplore.ieee.org/document/8574559/. DOI: 10.1109/MICRO.2018.00042.
[62] WANG J, LI A, LI H, et al. RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone[C/OL]//2022 IEEE Symposium on Security and Privacy (SP). 2022: 352-369. DOI: 10.1109/SP46214.2022.9833604.
[63] ARM. Introducing Arm Confidential Compute Architecture[EB/OL]. 2023. https://developer.arm.com/documentation/den0125/latest/.
[64] ARM. Juno r2 ARM Development Platform SoC Technical Reference Manual[EB/OL]. 2016. https://developer.arm.com/documentation/ddi0515/f/?lang=en.
[65] ARM. PCI IOMMU[EB/OL]. 2023. https://www.kernel.org/doc/Documentation/devicetree/bindings/pci/pci-iommu.txt.
[66] ALDANIAL. cloc[EB/OL]. 2021. https://github.com/AlDanial/cloc.
[67] CHECKOWAY S, SHACHAM H. Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface[C/OL]//ASPLOS '13: Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems. New York, NY, USA: Association for Computing Machinery, 2013: 253-264. https://doi.org/10.1145/2451116.2451145.
[68] ARM. Arm Neoverse N1 System Development Platform Technical Reference Manual[EB/OL]. 2020. https://developer.arm.com/documentation/101489/0000?lang=en.
[69] MCVOY L. LMbench - Tools for Performance Analysis[EB/OL]. 2005. https://lmbench.sourceforge.net/.
[70] LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-Based Learning Applied to Document Recognition[J]. Proceedings of the IEEE, 1998, 86(11): 2278-2324.
[71] IANDOLA F N, HAN S, MOSKEWICZ M W, et al. SqueezeNet: AlexNet-level accuracy with 50x fewer parameters and <0.5MB model size[A]. 2016.
[72] CLARK M J. rv8 benchmark suite[EB/OL]. 2019. https://github.com/michaeljclark/rv8-bench.
[73] MEMCACHED. Memcached[EB/OL]. 2023. https://github.com/memcached/memcached.
[74] REDIS. Redis[EB/OL]. 2023. https://redis.io/.
[75] ARM. PCIe Access Control Service[EB/OL]. 2023. https://developer.arm.com/documentation/109242/0100/System-architecture-considerations/PCIe-considerations/Peer-to-peer.
[76] ARM. Armv8.5-A Memory Tagging Extension White Paper[EB/OL]. 2023. https://developer.arm.com/documentation/102925/latest/.