CR · May 20, 2017

Countermeasure against Side-Channel Attack in Shared Memory of TrustZone

arXiv:1705.08279v1 · 6 citations
Originality: Synthesis-oriented
AI Analysis

This addresses security vulnerabilities for mobile device users, but appears incremental as it builds on existing TrustZone and Clark-Wilson models.

The paper tackles side-channel attacks in TrustZone's shared memory by proposing zero-contention cache policies, equalized delay times, and a Clark-Wilson-based information flow control mechanism, resulting in improved integrity between REE and TEE on mobile devices.

In this paper we introduced countermeasures against side-channel attacks in the shared memory of TrustZone. We proposed a zero-contention cache memory or policy between REE and TEE to prevent TruSpy attacks in TrustZone. We also suggested that the delay time of the REE data path be equal or similar to that of the TEE data path, to prevent timing side-channel attacks. In addition, we proposed security information flow control based on the Clark-Wilson model, and built the information flow control mechanism using an Authentication Tokenization Program (ATP). Accordingly, we can expect improved integrity of the information content between REE and TEE on mobile devices.
