It's TEEtime: Secure Interrupt Isolation for Normal-world Enclaves on Arm
Abstract
Secure and direct peripheral access is an important building block for protecting sensitive applications on mobile and embedded devices: Otherwise, an untrusted OS or hypervisor can, for example, trivially intercept an app’s secrets when it renders them or restrict an app’s functionality by limiting the way it can interface with a peripheral. While Arm TrustZone supports secure peripheral access, its design choices limit the flexible deployment of apps in the secure world. Recent TEE designs address this by isolating applications outside the secure world, but at the cost of secure peripheral access. We propose TEEtime, a novel system that gives software running in normal-world isolated execution environments (domains) direct and secure peripheral access by relying on existing Arm TrustZone mechanisms and the secure monitor for enforcement. TEEtime introduces interrupt isolation as a novel key primitive; we design a fine-grained interrupt isolation framework for Armv8-A. We prototype TEEtime on Arm’s FVP simulator and on the Purism Librem 5 phone, showcasing a Signal messenger app running alongside an untrusted OS.
Research Areas: Secure Ranging and Positioning, Trusted Computing and Users and Security



