Multi-tiered Security Architecture for ARM via the Virtualization and Security Extensions
As the ARM architecture has become the favored platform for the fastest growing computing segment, the mobile market, establishing a sound security architecture on the platform is paramount. The frightening increase in malware for the Android and iOS platforms in addition to the adoption of ARM architectures outside of the mobile market only bolster this need. In this paper, we investigate the ARM architecture as well as its security and virtualization extensions available only on the newest generation of ARM processors. Considering these extensions, we present a concept for a multi-tiered security architecture for mobile computing devices. Our concept combines a custom TrustZone component and leverages the advanced features of the Xen hypervisor to present an all encompassing framework for all aspects of security including both load and runtime verification of critical components, strong isolation between components, and virtual machine introspection for anomaly detection.
Multi-tiered Security Architecture for ARM via the Virtualization and Security Extensions
1st Workshop on Security in highly connected IT systems
Authors: | Tamas Lengyel, Thomas Kittel, and Claudia Eckert |
Year/month: | 2014/9 |
Booktitle: | 1st Workshop on Security in highly connected IT systems |
Fulltext: | lengyelshcis2-2014.pdf |
Abstract |
|
As the ARM architecture has become the favored platform for the fastest growing computing segment, the mobile market, establishing a sound security architecture on the platform is paramount. The frightening increase in malware for the Android and iOS platforms in addition to the adoption of ARM architectures outside of the mobile market only bolster this need. In this paper, we investigate the ARM architecture as well as its security and virtualization extensions available only on the newest generation of ARM processors. Considering these extensions, we present a concept for a multi-tiered security architecture for mobile computing devices. Our concept combines a custom TrustZone component and leverages the advanced features of the Xen hypervisor to present an all encompassing framework for all aspects of security including both load and runtime verification of critical components, strong isolation between components, and virtual machine introspection for anomaly detection. |
Bibtex:
@inproceedings { lengyel2014,author = { Tamas Lengyel and Thomas Kittel and Claudia Eckert},
title = { Multi-tiered Security Architecture for ARM via the Virtualization and Security Extensions },
year = { 2014 },
month = { September },
booktitle = { 1st Workshop on Security in highly connected IT systems },
url = {https://www.sec.in.tum.de/i20/publications/multi-tiered-security-architecture-for-arm-via-the-virtualization-and-security-extensions/@@download/file/lengyelshcis2-2014.pdf}
}