SlideShare una empresa de Scribd logo

ARM: Trusted Zone on Android

Kan-Han (John) Lu
Kan-Han (John) Lu

Introduce TEE of ARM's TrustedZone on Android

Ciencias
1 de 32
Descargar para leer sin conexión
Trusted Zone In Trusted Execution Environment (TEE) 2012/10/17 John
Preface As the mobile market matures and expands, an increasing number of security concerns demand attention. With end-users using their smart-phone for a variety of “lifestyle” applications, there is a proliferation of security needs that result from the use of an open environment. Content protection, corporate environments, connectivity, and the rise of financial transactions in the mobile market exacerbate these security concerns, which are relevant not just to the end- user. Service providers, mobile network operators, OS and application developers, device manufacturers, platform providers, and silicon vendors are all key stakeholders in this market—and thus have a vested interest in seeing proper security implemented.
Trusted Execution Environment(TEE) GlobalPlatform, the organization which standardizes the management of applications on secure chip technology, has published a white paper that outlines the benefits of introducing and standardizing the Trusted Execution Environment (TEE) in mobile devices. Trusted Zone(TZ) The security technology from ARM that enables the construction of a Normal world and a Secure world. Trusted Foundation(TF) Trusted Foundations is the leading and proven Trusted Execution Environment (TEE), which protects any application or service through hardware- based security by Trusted Logic Mobility.
Overview TrustZone® to separate the “Secure World” from the “Normal World”: ● The Secure World contains the Trusted Execution Environment that runs Secure Services; ● The Normal World runs Client Applications that access the secure services. The product includes built-in services that provide off-the-shelf security functionality, such as secure data storage and a cryptographic provider. The product also allows deployment of custom services, which can, for example, implement the heart of a Digital Rights Management scheme.
Overview
Overview
Overview
Boot Process For the overall security of the device, it is important that the device implements a Secure Boot process and that the debug interface is controlled. This usually implies that the OEM: ● burns some key and other ids during the device manufactory, ● signs the bootloader and the Trusted Foundations image with a secure boot key, ● disables the JTag interface. This list is not exhaustive; the OEM should contact Nvidia for further details on how to enable the Secure Boot proce ss and how to configure the hardware at the manufactory to reach the appropriate security level.
Boot Process
Building Secure Service
Building Secure Service
Building Secure Service
Integration into normal world OS
Texas Instruments - M-Shield Mobile Security Technology
Texas Instruments - M-Shield Mobile Security Technology
Nvidia - Tegra TEE
Nvidia - Tegra TEE
Qualcomm - SecureMSM Qualcomm SnapDragon™ provides a fully certifiable security on basis of the ARM® TrustZone® technology.
Example, Netflix Netflix revolutionizes the way people watch TV shows and movies With more than 27 million streaming members in the United States, Canada, Latin America, the United Kingdom, Ireland and the Nordics, Netflix, Inc. (NASDAQ: NFLX) is the world's leading internet subscription service for enjoying movies and TV programs. For one low monthly price, Netflix members can instantly watch movies and TV programs streamed over the internet to PCs, Macs and TVs. Among the large and expanding base of devices streaming from Netflix are the Microsoft Xbox 360, Nintendo Wii and Sony PS3 consoles; an array of Blu-ray disc players, internet-connected TVs, home theatre systems, digital video recorders and internet video players; Apple iPhone, iPad and iPod touch, as well as Apple TV and Google TV. In all, over 800 devices that stream from Netflix are available.
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix
Example, Netflix

Recomendados

LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEE
Linaro
 
OPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialOPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build Tutorial
Dalton Valadares
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
LCU14 500 ARM Trusted Firmware
LCU14 500 ARM Trusted FirmwareLCU14 500 ARM Trusted Firmware
LCU14 500 ARM Trusted Firmware
Linaro
 
HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEE
Linaro
 
U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0
GlobalLogic Ukraine
 
Android 10
Android 10Android 10
Android 10
kpraveen_slideshare
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 

Recomendados

LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEE
Linaro
 
OPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialOPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build Tutorial
Dalton Valadares
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
LCU14 500 ARM Trusted Firmware
LCU14 500 ARM Trusted FirmwareLCU14 500 ARM Trusted Firmware
LCU14 500 ARM Trusted Firmware
Linaro
 
HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEE
Linaro
 
U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0
GlobalLogic Ukraine
 
Android 10
Android 10Android 10
Android 10
kpraveen_slideshare
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
LCA13: Power State Coordination Interface
LCA13: Power State Coordination InterfaceLCA13: Power State Coordination Interface
LCA13: Power State Coordination Interface
Linaro
 
Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)
Emertxe Information Technologies Pvt Ltd
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEE
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
Embedded linux network device driver development
Embedded linux network device driver developmentEmbedded linux network device driver development
Embedded linux network device driver development
Amr Ali (ISTQB CTAL Full, CSM, ITIL Foundation)
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?
Opersys inc.
 
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
ijafrc
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
Linaro
 
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debuggingLAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
96Boards
 
Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Secure storage updates - SFO17-309
Secure storage updates - SFO17-309
Linaro
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Anne Nicolas
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
RISC-V International
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_
Linaro
 
Embedded Android : System Development - Part III
Embedded Android : System Development - Part IIIEmbedded Android : System Development - Part III
Embedded Android : System Development - Part III
Emertxe Information Technologies Pvt Ltd
 
Linux on ARM 64-bit Architecture
Linux on ARM 64-bit ArchitectureLinux on ARM 64-bit Architecture
Linux on ARM 64-bit Architecture
Ryo Jin
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
Linaro
 
Android's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALAndroid's HIDL: Treble in the HAL
Android's HIDL: Treble in the HAL
Opersys inc.
 
Implementing a UEFI BIOS into an Embedded System
Implementing a UEFI BIOS into an Embedded SystemImplementing a UEFI BIOS into an Embedded System
Implementing a UEFI BIOS into an Embedded System
insydesoftware
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers
Emertxe Information Technologies Pvt Ltd
 
Running Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Running Android on the Raspberry Pi: Android Pie meets Raspberry PiRunning Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Running Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Chris Simmonds
 
Technical Overview of FIDO Solution
Technical Overview of FIDO SolutionTechnical Overview of FIDO Solution
Technical Overview of FIDO Solution
ForgeRock
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
 

Más contenido relacionado

La actualidad más candente

SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEE
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
ijafrc
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
Linaro
 
Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Secure storage updates - SFO17-309
Secure storage updates - SFO17-309
Linaro
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Anne Nicolas
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
Linaro
 

La actualidad más candente (20)

LCA13: Power State Coordination Interface
LCA13: Power State Coordination InterfaceLCA13: Power State Coordination Interface
LCA13: Power State Coordination Interface
 
Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEE
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
 
Embedded linux network device driver development
Embedded linux network device driver developmentEmbedded linux network device driver development
Embedded linux network device driver development
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?
 
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
Customizing AOSP For Different Embedded Devices And Integration at Applicatio...
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
 
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debuggingLAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
 
Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Secure storage updates - SFO17-309
Secure storage updates - SFO17-309
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_
 
Embedded Android : System Development - Part III
Embedded Android : System Development - Part IIIEmbedded Android : System Development - Part III
Embedded Android : System Development - Part III
 
Linux on ARM 64-bit Architecture
Linux on ARM 64-bit ArchitectureLinux on ARM 64-bit Architecture
Linux on ARM 64-bit Architecture
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
 
Android's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALAndroid's HIDL: Treble in the HAL
Android's HIDL: Treble in the HAL
 
Implementing a UEFI BIOS into an Embedded System
Implementing a UEFI BIOS into an Embedded SystemImplementing a UEFI BIOS into an Embedded System
Implementing a UEFI BIOS into an Embedded System
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers
 
Running Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Running Android on the Raspberry Pi: Android Pie meets Raspberry PiRunning Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Running Android on the Raspberry Pi: Android Pie meets Raspberry Pi
 

Destacado

LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
Linaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 

Destacado (20)

Technical Overview of FIDO Solution
Technical Overview of FIDO SolutionTechnical Overview of FIDO Solution
Technical Overview of FIDO Solution
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
 
Building HTML5 Chromecast Apps
Building HTML5 Chromecast AppsBuilding HTML5 Chromecast Apps
Building HTML5 Chromecast Apps
 
Repair dagstuhl jan2017
Repair dagstuhl jan2017Repair dagstuhl jan2017
Repair dagstuhl jan2017
 
Abhik-Satish-dagstuhl
Abhik-Satish-dagstuhlAbhik-Satish-dagstuhl
Abhik-Satish-dagstuhl
 
Repair dagstuhl
Repair dagstuhlRepair dagstuhl
Repair dagstuhl
 
Quality of service aware mac protocol for body sensor networks
Quality of service aware mac protocol for body sensor networksQuality of service aware mac protocol for body sensor networks
Quality of service aware mac protocol for body sensor networks
 
raonsecure_en_min
raonsecure_en_minraonsecure_en_min
raonsecure_en_min
 
Why FIDO Matters: Digital Government Services
Why FIDO Matters: Digital Government ServicesWhy FIDO Matters: Digital Government Services
Why FIDO Matters: Digital Government Services
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance
 
SNAPDRAGON SoC Family and ARM Architecture
SNAPDRAGON SoC Family and ARM Architecture SNAPDRAGON SoC Family and ARM Architecture
SNAPDRAGON SoC Family and ARM Architecture
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern Identity
 
ARM- Programmer's Model
ARM- Programmer's ModelARM- Programmer's Model
ARM- Programmer's Model
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.Next
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & Tutorial
 

Similar a ARM: Trusted Zone on Android

NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
ssuser57b3e5
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
ArianeSpano
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
Symantec
 
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE코리아
 
How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White Paper
BlackBerry
 
Redington Value Journal - May 2018
Redington Value Journal - May 2018Redington Value Journal - May 2018
Redington Value Journal - May 2018
Redington Value Distribution
 
Securing your IoT Implementations
Securing your IoT ImplementationsSecuring your IoT Implementations
Securing your IoT Implementations
TechWell
 
Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin...
Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin...Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin...
Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin...
IBM Security
 

Similar a ARM: Trusted Zone on Android (20)

NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoT
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
 
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
 
How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White Paper
 
Visiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watchVisiongain publishes report on: The 100 connected car companies to watch
Visiongain publishes report on: The 100 connected car companies to watch
 
Redington Value Journal - May 2018
Redington Value Journal - May 2018Redington Value Journal - May 2018
Redington Value Journal - May 2018
 
The Impact of M2M. Use Case Example High-Impact Sports
The Impact of M2M. Use Case Example High-Impact SportsThe Impact of M2M. Use Case Example High-Impact Sports
The Impact of M2M. Use Case Example High-Impact Sports
 
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdfSecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
 
Introduction of Trusted Network Connect (TNC)
Introduction of Trusted Network Connect (TNC)Introduction of Trusted Network Connect (TNC)
Introduction of Trusted Network Connect (TNC)
 
Enterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile worldEnterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile world
 
Preparing the Data Center for the Internet of Things
Preparing the Data Center for the Internet of ThingsPreparing the Data Center for the Internet of Things
Preparing the Data Center for the Internet of Things
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
Samsung beyond basic android online 0
Samsung beyond basic android online 0Samsung beyond basic android online 0
Samsung beyond basic android online 0
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Security
 
Securing your IoT Implementations
Securing your IoT ImplementationsSecuring your IoT Implementations
Securing your IoT Implementations
 
Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin...
Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin...Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin...
Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin...
 

Más de Kan-Han (John) Lu

Cuda project paper
Cuda project paperCuda project paper
Cuda project paper
Kan-Han (John) Lu
 
Twitter as a personalizable information service ii
Twitter as a personalizable information service iiTwitter as a personalizable information service ii
Twitter as a personalizable information service ii
Kan-Han (John) Lu
 

Más de Kan-Han (John) Lu (20)

Dagger for android
Dagger for androidDagger for android
Dagger for android
 
Android develop guideline
Android develop guidelineAndroid develop guideline
Android develop guideline
 
Working process and git branch strategy
Working process and git branch strategyWorking process and git branch strategy
Working process and git branch strategy
 
Deep neural network for youtube recommendations
Deep neural network for youtube recommendationsDeep neural network for youtube recommendations
Deep neural network for youtube recommendations
 
Android testing part i
Android testing part iAndroid testing part i
Android testing part i
 
Cuda project paper
Cuda project paperCuda project paper
Cuda project paper
 
Twitter as a personalizable information service ii
Twitter as a personalizable information service iiTwitter as a personalizable information service ii
Twitter as a personalizable information service ii
 
Multimedia data minig and analytics sentiment analysis using social multimedia
Multimedia data minig and analytics sentiment analysis using social multimediaMultimedia data minig and analytics sentiment analysis using social multimedia
Multimedia data minig and analytics sentiment analysis using social multimedia
 
Android IPC: Binder
Android IPC: BinderAndroid IPC: Binder
Android IPC: Binder
 
Android Training - Card Style
Android Training - Card StyleAndroid Training - Card Style
Android Training - Card Style
 
Android Training - View Pager
Android Training - View PagerAndroid Training - View Pager
Android Training - View Pager
 
Android Training - Sliding Menu
Android Training - Sliding MenuAndroid Training - Sliding Menu
Android Training - Sliding Menu
 
Android Training - Pull to Refresh
Android Training - Pull to RefreshAndroid Training - Pull to Refresh
Android Training - Pull to Refresh
 
Java: Exception Handling
Java: Exception HandlingJava: Exception Handling
Java: Exception Handling
 
Dynamic Proxy by Java
Dynamic Proxy by JavaDynamic Proxy by Java
Dynamic Proxy by Java
 
Code analyzer: FindBugs and PMD
Code analyzer: FindBugs and PMDCode analyzer: FindBugs and PMD
Code analyzer: FindBugs and PMD
 
Android UI System
Android UI SystemAndroid UI System
Android UI System
 
Android Fragment
Android FragmentAndroid Fragment
Android Fragment
 
Android Training - Content Sharing
Android Training - Content SharingAndroid Training - Content Sharing
Android Training - Content Sharing
 
Android Training - Action Bar
Android Training - Action BarAndroid Training - Action Bar
Android Training - Action Bar
 

Último

THE ROLE OF BIOTECHNOLOGY IN THE ECONOMIC UPLIFT.pptx
THE ROLE OF BIOTECHNOLOGY IN THE ECONOMIC UPLIFT.pptxTHE ROLE OF BIOTECHNOLOGY IN THE ECONOMIC UPLIFT.pptx
THE ROLE OF BIOTECHNOLOGY IN THE ECONOMIC UPLIFT.pptx
ANSARKHAN96
 
Cyathodium bryophyte: morphology, anatomy, reproduction etc.
Cyathodium bryophyte: morphology, anatomy, reproduction etc.Cyathodium bryophyte: morphology, anatomy, reproduction etc.
Cyathodium bryophyte: morphology, anatomy, reproduction etc.
Silpa
 
POGONATUM : morphology, anatomy, reproduction etc.
POGONATUM : morphology, anatomy, reproduction etc.POGONATUM : morphology, anatomy, reproduction etc.
POGONATUM : morphology, anatomy, reproduction etc.
Silpa
 
Human genetics..........................pptx
Human genetics..........................pptxHuman genetics..........................pptx
Human genetics..........................pptx
Silpa
 
Phenolics: types, biosynthesis and functions.
Phenolics: types, biosynthesis and functions.Phenolics: types, biosynthesis and functions.
Phenolics: types, biosynthesis and functions.
Silpa
 
CYTOGENETIC MAP................ ppt.pptx
CYTOGENETIC MAP................ ppt.pptxCYTOGENETIC MAP................ ppt.pptx
CYTOGENETIC MAP................ ppt.pptx
Silpa
 

Último (20)

THE ROLE OF BIOTECHNOLOGY IN THE ECONOMIC UPLIFT.pptx
THE ROLE OF BIOTECHNOLOGY IN THE ECONOMIC UPLIFT.pptxTHE ROLE OF BIOTECHNOLOGY IN THE ECONOMIC UPLIFT.pptx
THE ROLE OF BIOTECHNOLOGY IN THE ECONOMIC UPLIFT.pptx
 
Cyathodium bryophyte: morphology, anatomy, reproduction etc.
Cyathodium bryophyte: morphology, anatomy, reproduction etc.Cyathodium bryophyte: morphology, anatomy, reproduction etc.
Cyathodium bryophyte: morphology, anatomy, reproduction etc.
 
POGONATUM : morphology, anatomy, reproduction etc.
POGONATUM : morphology, anatomy, reproduction etc.POGONATUM : morphology, anatomy, reproduction etc.
POGONATUM : morphology, anatomy, reproduction etc.
 
Cyanide resistant respiration pathway.pptx
Cyanide resistant respiration pathway.pptxCyanide resistant respiration pathway.pptx
Cyanide resistant respiration pathway.pptx
 
CURRENT SCENARIO OF POULTRY PRODUCTION IN INDIA
CURRENT SCENARIO OF POULTRY PRODUCTION IN INDIACURRENT SCENARIO OF POULTRY PRODUCTION IN INDIA
CURRENT SCENARIO OF POULTRY PRODUCTION IN INDIA
 
Human & Veterinary Respiratory Physilogy_DR.E.Muralinath_Associate Professor....
Human & Veterinary Respiratory Physilogy_DR.E.Muralinath_Associate Professor....Human & Veterinary Respiratory Physilogy_DR.E.Muralinath_Associate Professor....
Human & Veterinary Respiratory Physilogy_DR.E.Muralinath_Associate Professor....
 
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryFAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
 
Clean In Place(CIP).pptx .
Clean In Place(CIP).pptx .Clean In Place(CIP).pptx .
Clean In Place(CIP).pptx .
 
PSYCHOSOCIAL NEEDS. in nursing II sem pptx
PSYCHOSOCIAL NEEDS. in nursing II sem pptxPSYCHOSOCIAL NEEDS. in nursing II sem pptx
PSYCHOSOCIAL NEEDS. in nursing II sem pptx
 
Bhiwandi Bhiwandi ❤CALL GIRL 7870993772 ❤CALL GIRLS ESCORT SERVICE In Bhiwan...
Bhiwandi Bhiwandi ❤CALL GIRL 7870993772 ❤CALL GIRLS ESCORT SERVICE In Bhiwan...Bhiwandi Bhiwandi ❤CALL GIRL 7870993772 ❤CALL GIRLS ESCORT SERVICE In Bhiwan...
Bhiwandi Bhiwandi ❤CALL GIRL 7870993772 ❤CALL GIRLS ESCORT SERVICE In Bhiwan...
 
Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.
 
GBSN - Microbiology (Unit 3)Defense Mechanism of the body
GBSN - Microbiology (Unit 3)Defense Mechanism of the body GBSN - Microbiology (Unit 3)Defense Mechanism of the body
GBSN - Microbiology (Unit 3)Defense Mechanism of the body
 
Genetics and epigenetics of ADHD and comorbid conditions
Genetics and epigenetics of ADHD and comorbid conditionsGenetics and epigenetics of ADHD and comorbid conditions
Genetics and epigenetics of ADHD and comorbid conditions
 
FAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical ScienceFAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical Science
 
Human genetics..........................pptx
Human genetics..........................pptxHuman genetics..........................pptx
Human genetics..........................pptx
 
Dr. E. Muralinath_ Blood indices_clinical aspects
Dr. E. Muralinath_ Blood indices_clinical aspectsDr. E. Muralinath_ Blood indices_clinical aspects
Dr. E. Muralinath_ Blood indices_clinical aspects
 
Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .
 
Phenolics: types, biosynthesis and functions.
Phenolics: types, biosynthesis and functions.Phenolics: types, biosynthesis and functions.
Phenolics: types, biosynthesis and functions.
 
Use of mutants in understanding seedling development.pptx
Use of mutants in understanding seedling development.pptxUse of mutants in understanding seedling development.pptx
Use of mutants in understanding seedling development.pptx
 
CYTOGENETIC MAP................ ppt.pptx
CYTOGENETIC MAP................ ppt.pptxCYTOGENETIC MAP................ ppt.pptx
CYTOGENETIC MAP................ ppt.pptx
 

ARM: Trusted Zone on Android

  • 1. Trusted Zone In Trusted Execution Environment (TEE) 2012/10/17 John
  • 2. Preface As the mobile market matures and expands, an increasing number of security concerns demand attention. With end-users using their smart-phone for a variety of “lifestyle” applications, there is a proliferation of security needs that result from the use of an open environment. Content protection, corporate environments, connectivity, and the rise of financial transactions in the mobile market exacerbate these security concerns, which are relevant not just to the end- user. Service providers, mobile network operators, OS and application developers, device manufacturers, platform providers, and silicon vendors are all key stakeholders in this market—and thus have a vested interest in seeing proper security implemented.
  • 3.
  • 4. Trusted Execution Environment(TEE) GlobalPlatform, the organization which standardizes the management of applications on secure chip technology, has published a white paper that outlines the benefits of introducing and standardizing the Trusted Execution Environment (TEE) in mobile devices. Trusted Zone(TZ) The security technology from ARM that enables the construction of a Normal world and a Secure world. Trusted Foundation(TF) Trusted Foundations is the leading and proven Trusted Execution Environment (TEE), which protects any application or service through hardware- based security by Trusted Logic Mobility.
  • 5. Overview TrustZone® to separate the “Secure World” from the “Normal World”: ● The Secure World contains the Trusted Execution Environment that runs Secure Services; ● The Normal World runs Client Applications that access the secure services. The product includes built-in services that provide off-the-shelf security functionality, such as secure data storage and a cryptographic provider. The product also allows deployment of custom services, which can, for example, implement the heart of a Digital Rights Management scheme.
  • 9. Boot Process For the overall security of the device, it is important that the device implements a Secure Boot process and that the debug interface is controlled. This usually implies that the OEM: ● burns some key and other ids during the device manufactory, ● signs the bootloader and the Trusted Foundations image with a secure boot key, ● disables the JTag interface. This list is not exhaustive; the OEM should contact Nvidia for further details on how to enable the Secure Boot proce ss and how to configure the hardware at the manufactory to reach the appropriate security level.
  • 15. Texas Instruments - M-Shield Mobile Security Technology
  • 16. Texas Instruments - M-Shield Mobile Security Technology
  • 19. Qualcomm - SecureMSM Qualcomm SnapDragon™ provides a fully certifiable security on basis of the ARM® TrustZone® technology.
  • 20. Example, Netflix Netflix revolutionizes the way people watch TV shows and movies With more than 27 million streaming members in the United States, Canada, Latin America, the United Kingdom, Ireland and the Nordics, Netflix, Inc. (NASDAQ: NFLX) is the world's leading internet subscription service for enjoying movies and TV programs. For one low monthly price, Netflix members can instantly watch movies and TV programs streamed over the internet to PCs, Macs and TVs. Among the large and expanding base of devices streaming from Netflix are the Microsoft Xbox 360, Nintendo Wii and Sony PS3 consoles; an array of Blu-ray disc players, internet-connected TVs, home theatre systems, digital video recorders and internet video players; Apple iPhone, iPad and iPod touch, as well as Apple TV and Google TV. In all, over 800 devices that stream from Netflix are available.