상세정보
학술대회
An Architecture for Virtualization-Based Trusted Execution Environment on Mobile Devices
- 발행일
- 201412
- 출처
- International Conference on Ubiquitous Intelligence and Computing (UIC) / International Conference on Autonomic and Trusted Computing (ATC) / International Conference on Scalable Computing and Communications and Its Associated Workshops (ScalCom) 2014, pp.540-547
- 협약과제
- 14MS9100, (통합)고집적 저전력 프로세서 기반 30% 이상 에너지절감 범용 운영 체제 및 가상화 핵심 기술 개발, 전성익
- 초록
- In this paper, we present an architecture for a trusted execution environment on mobile devices that allows applications with a wide range of security requirements to run safely in an isolated environment, by using a mobile virtualization technology. These applications can take advantage of the semantics of running on secure area which is isolated from non-secure area that suffers from hacking, malignant code, or the like, while retaining the ability to run side-by-side with normal applications on a general execution environment. We achieve this synthesis by use of a mobile virtual machine monitor (mVMM) that partitions single mobile hardware platform into the separated and isolated virtual machines (VMs), providing the trusted execution environment and the trusted paths. In VM on which the secure OS runs, authentication credentials (e.g. Private keys) for electronic transactions and security sensitive data are stored and security sensitive processing is executed with no external network interfaces provided and only with a secure communication channel provided by mVMM. We explore the strengths and limitations of this architecture by describing and analyzing our prototype implementation and a simple mobile payment service that can be one of the important applications for the trusted execution environment. Through the architecture analysis, the proposed architecture can provide a reasonably trustworthy execution environment to a user in the run-time execution point of view.
- KSP 제안 키워드
- Electronic transactions, External Network, Hardware platform, Mobile devices, Mobile virtualization, Prototype implementation, Run time, Security requirements, Sensitive Data, Side-by-side, Trusted execution environment