Conference: IEEE International Conference on Communications
SuiT: Secure User Interface Based on TrustZone

Abstract

In many security-aware scenarios, a trusted user interface (TUI) is indispensable. For example, before payment information is signed, the user needs to approve it. Digital rights management (DRM) related applications also need TUI support. Although current mobile platforms provide a TEE (Trusted Execution Environment) OS to run trusted applications, introducing additional drivers into the TEE OS is not very secure: the additional drivers may increase the code size of the TEE OS and expand the attack surface. In this paper, we present a novel secure UI framework called SuiT, based on the ARM TrustZone hardware security extension. A secure UI driver and a shadow UI driver are implemented in the normal world. In the secure world, only additional switching code is introduced. When an application needs to interact with the user in a trustworthy way, the shadow UI driver takes the place of the original UI driver to complete the user interaction. During the UI driver switching process, a temporary trusted execution environment for the secure UI driver is dynamically built by the switching code in the secure world. The trusted execution environment ensures that the secure UI driver is executed securely and that potential attacks from the rich OS cannot tamper with the user interaction. We also implement a prototype of SuiT based on the Android system and a Freescale ARM processor with the TrustZone extension. Experimental results demonstrate that SuiT works well with negligible overhead.