ARM Security Technology Building a Secure System using ...

More documents

Recommendations

Info

Introduction 1.1 What is security? 1.1.1 Fundamental security properties In very abstract terms, the term security can be used to cover a number of very different underlying features of a design. However, it is essentially a property of the system which ensures that resources of value cannot be copied, damaged, or made unavailable to genuine users. Every system design will require a different set of security properties, depending on the type and value of the assets it is trying to defend against malicious attack. Asset A resource of value which is worth protecting. An asset may be a tangible object, such as a user password, or may be an intangible asset, such as network availability. To Attack The act of intentionally trying to acquire, damage or disrupt an asset which you do not have permission to access. An attack may include the use of malicious software, hardware monitoring and hardware tampering. To Defend The act of designing a system that includes hardware or software mechanisms which provide countermeasures against attacks. The fundamental security properties on which nearly every higher level property can be based are those of confidentiality and integrity. Confidentiality An asset that is confidential cannot be copied or stolen by a defined set of attacks. This property is essential for assets such as passwords and cryptographic keys. Integrity An asset that has its integrity assured is defended against modification by a defined set of attacks. This property is essential for some of the on-device root secrets on which the rest of the system security is based, and for the security software once it is running. Authenticity In some circumstances a design cannot provide integrity, so instead provides the property of authenticity. In this case the value of the asset can be changed by an attacker, but the defender will be able to detect the change before the asset is used and hence before the attack can cause a security fault. 1-2 Copyright © 2005-2009 ARM Limited. All rights reserved. PRD29-GENC-009492C Non-Confidential Unrestricted Access
1.1.2 Limitations of security solutions Introduction This property is essential for security software. If an attacker can tamper with the program code before it is loaded into a safe execution location, without being detected, then the security provided by the software can be bypassed. All security solutions are designed to defend against only a subset of the possible attacks that they may experience. Defending against all possible attacks is an impossible task; there is always someone willing to spend a significant amount of time and money to break any security scheme using very complex attacks. A design must therefore decide which assets it wants to protect, and which of the possible attacks it wants to protect the assets against. This is perhaps the most critical part of the design process; a design that protects the wrong assets against an incorrect or incomplete list of attacks can be easily broken. Taking the position that all security can be broken with enough time and money, the security requirements for a design should not be described as “impossible to bypass” but should be described in value terms: “attack A on asset B should take at least Y days and Z dollars”. If a set of countermeasures mean that a successful attack will take too long or will cost too much, then the defense is a success. Most attackers will move on to a different target if they find themselves in this situation. PRD29-GENC-009492C Copyright © 2005-2009 ARM Limited. All rights reserved. 1-3 Unrestricted Access Non-Confidential
Page 1 and 2: ARM Security Technology Building a
Page 3 and 4: Product Status This document is an
Page 5 and 6: Contents ARM Security Technology Pr
Page 7 and 8: Preface This preface introduces the
Page 9 and 10: Using this document This document i
Page 11 and 12: Feedback Feedback on this document
Page 13: Chapter 1 Introduction The chapter
Page 17 and 18: Introduction ARM TrustZone technolo
Page 19 and 20: Introduction Security requirements
Page 21 and 22: 1.3.3 How are devices attacked? Int
Page 23 and 24: Remote attacker Introduction The cl
Page 25 and 26: Chapter 2 System Security The chapt
Page 27 and 28: 2.1.1 External hardware security mo
Page 29 and 30: 2.1.3 Software virtualization Syste
Page 31 and 32: 2.2 TrustZone hardware security 2.2
Page 33 and 34: Chapter 3 TrustZone Hardware Archit
Page 35 and 36: TrustZone Hardware Architecture Whe
Page 37 and 38: 3.2.3 Memory aliasing TrustZone Har
Page 39 and 40: TrustZone Hardware Architecture The
Page 41 and 42: Example TrustZone Hardware Architec
Page 43 and 44: 3.3.3 Secure interrupts TrustZone H
Page 45 and 46: 3.3.4 Secure processor configuratio
Page 47 and 48: TrustZone Hardware Architecture Any
Page 49 and 50: 3.4 Debug architecture 3.4.1 Proces
Page 51 and 52: TrustZone Hardware Architecture If
Page 53 and 54: Chapter 4 TrustZone Hardware Librar
Page 55 and 56: TrustZone Hardware Library These br
Page 57 and 58: 4.1.3 PrimeCell DMA Controller - PL
Page 59 and 60: TrustZone Hardware Library general
Page 61 and 62: Interesting features related to Tru
Page 63 and 64: 4.3 Reuse of AMBA2 AHB IP 4.3.1 Reu
Page 65 and 66:
Chapter 5 TrustZone Software Archit
Page 67 and 68:
Secure operating system TrustZone S
Page 69 and 70:
5.2 Booting a secure system 5.2.1 B
Page 71 and 72:
Chain of trust TrustZone Software A
Page 73 and 74:
5.3 Monitor mode software 5.3.1 Con
Page 75 and 76:
5.3.3 Interrupt latency impact Trus
Page 77 and 78:
5.4 Secure software and multiproces
Page 79 and 80:
TrustZone Software Architecture Not
Page 81 and 82:
5.5.1 API availability TrustZone So
Page 83 and 84:
Chapter 6 TrustZone System Design T
Page 85 and 86:
6.2 Example use cases 6.2.1 Content
Page 87 and 88:
6.2.2 Mobile Payment TrustZone Syst
Page 89 and 90:
Assets TrustZone System Design The
Page 91 and 92:
6.3 Gadget2008 specification 6.3.1
Page 93 and 94:
TrustZone System Design is a return
Page 95 and 96:
Memory requirements 6.3.3 Mobile pa
Page 97 and 98:
Modem Cortex-R4 DMA (PL330) TZASC (
Page 99 and 100:
Chapter 7 Design Checklists The cha
Page 101 and 102:
7.2 Hardware design checklist Desig
Page 103 and 104:
7.3 Software design checklist 7.3.1
Page 105 and 106:
Glossary The items in this glossary
Page 107 and 108:
(2) The trusted virtual processor i
show all

ARM Security Technology Building a Secure System using ...

Create successful ePaper yourself

Delete template?

Save as template?