Minimum Viable Device Drivers for ARM TrustZone

10/15/2021
by   Liwei Guo, et al.
0

While TrustZone can isolate IO hardware, it lacks drivers for modern IO devices. Rather than porting drivers, we propose a novel approach to deriving minimum viable drivers: developers exercise a full driver and record the driver/device interactions; the processed recordings, dubbed driverlets, are replayed in the TEE at run time to access IO devices. Driverlets address two key challenges: correctness and expressiveness, for which they build on a key construct called interaction template. The interaction template ensures faithful reproduction of recorded IO jobs (albeit on new IO data); it accepts dynamic input values; it tolerates nondeterministic device behaviors. We demonstrate driverlets on a series of sophisticated devices, making them accessible to TrustZone for the first time to our knowledge. Our experiments show that driverlets are secure, easy to build, and incur acceptable overhead (1.4x -2.7x compared to native drivers). Driverlets fill a critical gap in the TrustZone TEE, realizing its long-promised vision of secure IO.

READ FULL TEXT
research
05/10/2019

Hardware/Software Co-monitoring

Hardware/Software (HW/SW) interfaces, mostly implemented as devices and ...
research
11/14/2014

Glider: A GPU Library Driver for Improved System Security

Legacy device drivers implement both device resource management and isol...
research
11/27/2012

Automatic Verification of Message-Based Device Drivers

We develop a practical solution to the problem of automatic verification...
research
12/12/2021

Secure Routine: A Routine-Based Algorithm for Drivers Identification

The introduction of Information and Communication Technology (ICT) in tr...
research
02/19/2018

Simulating the Ridesharing Economy: The Individual Agent Metro-Washington Area Ridesharing Model

The ridesharing economy is experiencing rapid growth and innovation. Com...
research
12/23/2013

Transparent Checkpoint-Restart for Hardware-Accelerated 3D Graphics

Providing fault-tolerance for long-running GPU-intensive jobs requires a...

Please sign up or login with your details

Forgot password? Click here to reset