Design and Implement of TEE-Based Trusted Storage System

doi:10.12068/j.issn.1005-3026.2019.08.004

Abstract

Abstract: Based on the analysis of currently mainstream trusted storage system(TSS)， we design and implement a trusted execution environment(TEE)-based TSS， which conforms to Global Platform(GP)standard. Our TSS provides not only authorized encryption，the integrity and consistency of data， but also many security storage operation properties such as atomicity operations of persistent object. In order to improve the read/write performance of big data， a new method is proposed for dynamically allocating continuous memory in REE’s kernel memory space and mapping the address to the TEE through communication pipe. This method can reduce switching times， allocating memory times and copy memory overloads between two worlds. The experiments show that our system has an 8% to 10% performance improvement compared with related trusted storage systems.

Key words: trusted storage, trusted execution environment, GP standard, storage features

CLC Number:

TP311

ZHANG Qiang， QIAO Jian-zhong. Design and Implement of TEE-Based Trusted Storage System[J]. Journal of Northeastern University Natural Science, 2019, 40(8): 1080-1086.

References

[1]The MITRE Corporation.CVE-2015-4421［EB/OL］.［2018-05-10］.http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2015-4421.
[2]The MITRE Corporation.CVE-2014-4322［EB/OL］.［2018-05-10］.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4322.
[3]The MITRE Corporation.CVE-2015-4422［EB/OL］.［2018-05-10］.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4422.
[4]Yang H J，Costan V，Zeldovich N，et al.Authenticated storage using small trusted hardware［C］ // Proceedings of the 2013 ACM Workshop on Cloud Computing Security Workshop.New York:ACM，2013:35-46.
[5]Park S W，Lim J D，Kim J N.A secure storage system for sensitive data protection based on mobile virtualization［J］.International Journal of Distributed Sensor Networks，2015，11(2):929380.
[6]GP.GlobalPlatform made simple guide:secure element［EB/OL］.［2018-06-13］.http://www.global-platform.org/mediaguideSE.asp.
[7]Zhang X，Acimez O，Seifert J P.A trusted mobile phone reference architecture via secure kernel［C］ // Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing.New York:ACM，2007:7-14.
[8]Winter J.Trusted computing building blocks for embedded linux-based ARM trustzone platforms［C］ // Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing.New York:ACM，2008:21-30.
[9]Dietrich K，Winter J.Towards customizable，application specific mobile trusted modules［C］//Proceedings of the Fifth ACM Workshop on Scalable Trusted Computing.Chicago:ACM，2008:21-30.
[10]Fitzek A.Development of an ARM TrustZone aware operating system ANDIX OS ［EB/OL］.［2018-05-09］.https://pure.tugraz.at/ws/portalfiles/portal/1937540/AndixOS_Final.pdf.
[11]Ekberg J E，Kostiainen K，Asokan N.Trusted execution environments on mobile devices［C］//Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.Bernlin:ACM，2013:1497-1498.
[12]Santos N，Raj H，Saroiu S，et al.Using ARM TrustZone to build a trusted language runtime for mobile applications［J］.ACM SIGARCH Computer Architecture News，2014，42(1):67-80.
[13]Linaro.LAS16-504:Secure storage updates in OP-TEE ［EB/OL］.［2018-05-18］.http://connect.linaro.org/resource/las16/las16-504.
[14]Forissier J.Optee.secure storage［EB/OL］.［2018-05-07］.https://www.slideshare.net/linaroorg/las16504-secure-storage-updates-in-optee.
[15]Hein D，Winter J，Fitzek A.Secure block device:secure，flexible，and efficient data storage for ARM TrustZone Systems［C］ // Trustcom/BigDataSE/ISPA.Washington DC:IEEE，2015:222-229.
[16]Li X，Hu H，Bai G，et al.Droidvault:a trusted data vault for Android devices［C］ // Engineering of Complex Computer Systems(ICECCS).Tianjin:Engineering of Complex Computer Systems(ICECCS)，2014:29-38.
[17]IETF.PKCS #5:Password-based cryptography specification:PBKDF2.［EB/OL］.Version 2.0.［2018-05-10］.https://tools.ietf.org/html/rfc2898/#section-5.
[18]Microsoft.Atomic-writes-in-a-file ［EB/OL］.［2018-05-18］.https://blogs.msdn.microsoftcom/adioltean/2005/12/28/how-to-do-atomic-writes-in-a-file.