Regulating ARM TrustZone Devices in Restricted Spaces

Ferdinand Brasser, Daeyoung Kim, Christopher Liebchen, Vinod Ganapathy, Liviu Iftode, Ahmad-Reza Sadeghi.

Proceedings of the 14th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2016); pages 413-425; Singapore; June 26-30, 2016.

Smart personal devices equipped with a wide range of sensors and peripherals can potentially be misused in various environments. They can be used to exfiltrate sensitive information from enterprises and federal offices or be used to smuggle unauthorized information into classrooms and examination halls. One way to prevent these situations is to regulate how smart devices are used in such restricted spaces. In this paper, we present an approach that robustly achieves this goal for ARM TrustZone-based personal devices. In our approach, restricted space hosts use remote memory operations to analyze and regulate guest devices within the restricted space. We show that the ARM TrustZone allows our approach to obtain strong security guarantees while only requiring a small trusted computing base to execute on guest devices.

Paper: [ PDF | HTML ] (© ACM)
Slides: [ PDF | Powerpoint | Powerpoint (short version) ]
DOI: [ 10.1145/2906388.2906390 ]
Video: [ YouTube ]

Papers page