TY - GEN
T1 - TruZ-Droid
T2 - 16th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2018
AU - Ying, Kailiang
AU - Ahlawat, Amit
AU - Alsharifi, Bilal
AU - Jiang, Yuexin
AU - Thavai, Priyank
AU - Du, Wenliang
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/6/10
Y1 - 2018/6/10
N2 - Mobile devices today provide a hardware-protected mode called Trusted Execution Environment (TEE) to help protect users from a compromised OS and hypervisor. Today TEE can only be leveraged either by vendor apps or by developers who work with the vendor. Since vendors consider third-party app code untrusted inside the TEE, to allow an app to leverage TEE, app developers have to write the app code in a tailored way to work with the vendor’s SDK. We proposed a novel design to integrate TEE with mobile OS to allow any app to leverage the TEE. Our design incorporates TEE support at the OS level, allowing apps to leverage the TEE without adding app-specific code into the TEE, and while using existing interface to interact with the mobile OS. We implemented our design, called TruZ-Droid, by integrating TrustZone TEE with the Android OS. TruZ-Droid allows apps to leverage the TEE to protect the following: (i) user’s secret input and confirmation, and (ii) sending of user’s secrets to the authorized server. We built a prototype using the TrustZone-enabled HiKey board to evaluate our design. We demonstrated TruZ-Droid’s effectiveness by adding new security features to existing apps to protect user’s sensitive information and attest user’s confirmation. TruZ-Droid’s real-world use case evaluation shows that apps can leverage TrustZone while using existing OS APIs. Our usability study proves that users can correctly interact with TruZ-Droid to protect their security sensitive activities and data.
KW - Android
KW - TrustZone
UR - http://www.scopus.com/inward/record.url?scp=85051550662&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85051550662&partnerID=8YFLogxK
U2 - 10.1145/3210240.3210338
DO - 10.1145/3210240.3210338
M3 - Conference contribution
AN - SCOPUS:85051550662
T3 - MobiSys 2018 - Proceedings of the 16th ACM International Conference on Mobile Systems, Applications, and Services
SP - 14
EP - 27
BT - MobiSys 2018 - Proceedings of the 16th ACM International Conference on Mobile Systems, Applications, and Services
PB - Association for Computing Machinery, Inc
Y2 - 10 June 2018 through 15 June 2018
ER -