Securing a communication channel for the trusted execution environment.

As a security extension to processor, ARM TrustZone has been widely adopted for various mobile and IoT devices. The protection is conducted by separating the system into two domains: the rich execution environment (REE) and the trusted execution environment (TEE). Although the TEE effectively isolates the critical resources based on hardware access control technologies, the communication channel between the REE and the TEE has been regarded as vulnerable and exploited by attackers to deliver malicious messages to the TEE, which undermines the entire TEE security. SeCReT (NDSS 15) introduced the first solution to protect the communication channel. Unfortunately, this method has several challenges associated with it, making it difficult to deploy the solution in production devices. This study illustrates such challenges in terms of performance and security. In addition, a design optimization of the initial version of SeCReT is proposed to mitigate these challenges and evaluated to highlight its effectiveness.