TruZ-view: Developing trustZone user interface for mobile oS using delegation integration model

Kailiang Ying, Priyank Thavai, Wenliang Du

Research output: Chapter in Book/Entry/PoemConference contribution

12 Scopus citations

Abstract

When OS and hypervisor are compromised, mobile devices currently provide a hardware protected mode called Trusted Execution Environment (TEE) to guarantee the confidentiality and integrity of the User Interface (UI). The present TEE UI solutions adopt a self-contained design model, which provides a fully functional UI stack in the TEE, but they fail to manage one critical design principle of TEE: a small Trusted Computing Base (TCB), which should be more easily verified in comparison to a rich OS. The TCB size of the self-contained model is large as a result of the size of an individual UI stack. To reduce the TCB size of the TEE UI solution, we proposed a novel TEE UI design model called delegation model. To be specific, our design reuses the majority of the rich OS UI stack. Unlike the existing UI solutions protecting 3-dimensional UI processing in the TEE, our design protects the UI solely as a 2-dimensional surface and thus reduces the TCB size. Our system, called TruZ-View, allows application developers to use the rich OS UI development environment to develop TEE UI with consistent UI looks across the TEE and the rich OS. We successfully implemented our design on HiKey board. Moreover, we developed several TEE UI use cases to protect the confidentiality and integrity of UI. We performed a thorough security analysis to prove the security of the delegation UI model. Our real-world application evaluation shows that developers can leverage our TEE UI with few changes to the existing app’s UI logic.

Original languageEnglish (US)
Title of host publicationCODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages1-12
Number of pages12
ISBN (Electronic)9781450360999
DOIs
StatePublished - Mar 13 2019
Event9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019 - Richardson, United States
Duration: Mar 25 2019Mar 27 2019

Publication series

NameCODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

Conference

Conference9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
Country/TerritoryUnited States
CityRichardson
Period3/25/193/27/19

Keywords

  • Android
  • TrustZone
  • UI safety

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications
  • Software

Fingerprint

Dive into the research topics of 'TruZ-view: Developing trustZone user interface for mobile oS using delegation integration model'. Together they form a unique fingerprint.

Cite this