Go to DBLP homepageTZ-IMA: Supporting Integrity Measurement for Applications with ARM TrustZone
Abstract: With the development of cloud computing and distributed systems, the computer system becomes increasingly complicated and open. To protect the integrity of applications, Integrity Measurement Architecture (IMA) is applied in the Linux kernel. However, traditional operating systems are complex and may contain many potential vulnerabilities. If the sensitive data used in IMA is leaked or modified, the protection mechanism will lose effectiveness. This paper proposes TZ-IMA, a security-enhanced solution to verify the integrity of applications based on ARM TrustZone technology. The system saves the encrypted reference hash value of applications and the encryption key in the normal world and in TrustZone, respectively. Before an application is executed, the integrity of application is checked by the secure world. Moreover, a vPCR module is constructed in TrustZone to protect the security of the measurement list. Based on the trusted anchor provided by TrustZone, TZ-IMA enables a challenger to prove that the attesting platform has sufficient integrity to be used. TZ-IMA is implemented on ARMv8 development board, and the evaluation results demonstrate that the overhead is only approximately 5% compared with the original system.
External IDs:dblp:conf/icics/SongDDGW22
Loading