Minimal Kernel: An Operating System Architecture for TEE to Resist Board Level Physical Attacks

Authors: 

Shijun Zhao, Institute of Software Chinese Academy of Sciences; Qianying Zhang, Capital Normal University Information Engineering College; Yu Qin, Wei Feng, and Dengguo Feng, Institute of Software Chinese Academy of Sciences

Abstract: 

ARM specifications recommend that software residing in TEE's (Trusted Execution Environment) secure world should be located in the on-chip memory to prevent board level physical attacks. However, the on-chip memory is very limited, placing significant limits on TEE's functionality. The minimal kernel operating system architecture addresses this problem by building a small kernel which executes the whole TEE system only on the on-chip memory on demand and cryptographically protects all the data/code stored outside of SoC. In the architecture, a small kernel is built inside the TEE OS kernel space and achieves the minimal size by only including the very essential components used to execute and protect the TEE system. The minimal kernel consists of a minimal demand-paging system, which sets the on-chip memory as the only working memory for the TEE system and the off-chip memory as a backing store, and a memory protection component, which provides confidentiality and integrity protection on the backing store. A Merkle tree based memory protection scheme, reducing the requirement for on-chip memory, allows the minimal kernel to protect large trusted applications (TAs). This OS organization makes it possible to achieve the goal of physical security without losing any TEE's functionality. We have incorporated a prototype of minimal kernel into OP-TEE, a popular open source TEE OS. Our implementation only requires a runtime footprint of 100 KB on-chip memory but can protect the entire OP-TEE kernel and TAs, which are dozens of megabytes.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {242024,
author = {Shijun Zhao and Qianying Zhang and Yu Qin and Wei Feng and Dengguo Feng},
title = {Minimal Kernel: An Operating System Architecture for {TEE} to Resist Board Level Physical Attacks},
booktitle = {22nd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID} 2019)},
year = {2019},
isbn = {978-1-939133-07-6},
address = {Chaoyang District, Beijing},
pages = {105--120},
url = {https://www.usenix.org/conference/raid2019/presentation/zhao},
publisher = {{USENIX} Association},
month = sep,
}