TY - GEN
T1 - TruZ-view
T2 - 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
AU - Ying, Kailiang
AU - Thavai, Priyank
AU - Du, Wenliang
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/3/13
Y1 - 2019/3/13
N2 - When the OS and hypervisor are compromised, mobile devices currently provide a hardware-protected mode called the Trusted Execution Environment (TEE) to guarantee the confidentiality and integrity of the User Interface (UI). The present TEE UI solutions adopt a self-contained design model, which provides a fully functional UI stack in the TEE, but they fail to manage one critical design principle of the TEE: a small Trusted Computing Base (TCB), which should be more easily verified in comparison to a rich OS. The TCB size of the self-contained model is large as a result of the size of an individual UI stack. To reduce the TCB size of the TEE UI solution, we propose a novel TEE UI design model called the delegation model. To be specific, our design reuses the majority of the rich OS UI stack. Unlike the existing UI solutions, which protect 3-dimensional UI processing in the TEE, our design protects the UI solely as a 2-dimensional surface and thus reduces the TCB size. Our system, called TruZ-View, allows application developers to use the rich OS UI development environment to develop a TEE UI with a consistent UI look across the TEE and the rich OS. We successfully implemented our design on a HiKey board. Moreover, we developed several TEE UI use cases to protect the confidentiality and integrity of the UI. We performed a thorough security analysis to prove the security of the delegation UI model. Our real-world application evaluation shows that developers can leverage our TEE UI with few changes to the existing app’s UI logic.
KW - Android
KW - TrustZone
KW - UI safety
UR - http://www.scopus.com/inward/record.url?scp=85063899818&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063899818&partnerID=8YFLogxK
U2 - 10.1145/3292006.3300035
DO - 10.1145/3292006.3300035
M3 - Conference contribution
AN - SCOPUS:85063899818
T3 - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
SP - 1
EP - 12
BT - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
Y2 - 25 March 2019 through 27 March 2019
ER -