Trust-E: A Trusted Embedded Operating System Based on the ARM Trustzone

Abstract

Security is an emerging topic in the field of embedded devices. ARM Trust Zone is a technology used to increase security of embedded systems using the ARM processor, the most common processor for embedded consumer devices. Trust zone is a hardware isolation mechanism that improves software security without the need for extra hardware chips. It separates critical applications from the normal (rich) OS, by supporting unsecure and secure worlds running in independent and isolated execution environments. In order to activate the Trust Zone, a full Trusted Execution Environment (TEE) ecosystem must be implemented. This paper presents a trusted embedded operating system architecture, Trust-E, based on the ARM Trust Zone processor that implements the TEE. Our proposed framework's design and implementation is not only for ARM Trust Zone Processors, but also for other processors that have similar features with spatial isolation functions. We also designed and implemented this framework, including the implementation of the trusted kernel, T-OS, running in the TEE, to support secure services and communication mechanism. Finally we have developed a demo of a mobile payment application to demonstrate the correctness and effectiveness of these approaches, using Android as the rich OS and the SMDK210 development board. The amount of experiment results show these approaches we proposed can effectively meet user's security requirement.