A Trusted Computing Framework for Embedded Systems

ABSTRACT: The damage and loss caused by attacks and security breaches have drawn attentions to develop secure and reliable systems for embedded systems. Compared to their desktop counterparts, embedded devices are facing more security challenges, such as the more possible physical access to a target device and more constrained computing environment (e.g., limited RAM and CPU power). Together, these challenges lead to a favorable hardware/software co-design approach to deal with security issues for embedded systems. This proposal presents a trustful computing framework based on ARMfs TrustZone for embedded systems. Our framework is a hybrid approach consisted of both hardware and software components. The trustworthy of our approach roots from a hardware-based ARMfs TrustZone enabled device. In our Phase I implementation, we implemented a preliminary prototype and demonstrated its feasibility to protect embedded system. In Phase II, we will extend TCES to support multicore platforms, more advanced target OS and fortify the security. BENEFIT: The proposed effort directly supports DoD Net-centric Warfare (NCW) efforts to provide tomorrowfs warfighters with the capability to access information they need at anytime and anyplace. Embedded system becomes a key portal into the Information Technology infrastructure in the NCW concept. The TCES framework will improve the embedded system security. It has a great potential to be used in a large variety of military embedded systems/applications. Besides, embedded system enables a large number of civilian applications, ranging from large SCADA systems, to communication devices such as cell phones and radios, and to smart sensors such as meters, radars, cameras. Ensure the security of embedded system applications is a critical element. The proposed TCES framework can potentially improve existing embedded system applications by enhancing their security protection. In addition, mobile platform (e.g. smartphones, tablets) continues to gain popularity in civilian domains, and military also has an increasing interest in adopting the commercial success of smart devices. Mobile threats are becoming increasingly prolific in mobile applications. This increase in mobile malware has driven a nascent yet dynamic market in mobile security products and services, and the developed technology will show its great potential in this market.