Building a Trustworthy Execution Environment 2 to Defeat Exploits from both Cyber Space

6 Abstract—The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. However, 7 the smartness comes at the cost of multi-vector security exploits. From cyber space, a compromised operating system could access all 8 the data in a cloud-aware IoT device. From physical space, cold-boot attacks and DMA attacks impose a great threat to the unattended 9 devices. In this paper, we propose TrustShadow that provides a comprehensively protected execution environment for unmodified 10 application running on ARM-based IoT devices. To defeat cyber attacks, TrustShadow takes advantage of ARM TrustZone 11 technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted 12 execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system. The 13 runtime system does not provide system services itself. Rather, it forwards them to the untrusted normal-world OS, and verifies the 14 returns. The runtime system further employs a page based encryption mechanism to ensure that all the data segments of a 15 security-critical application appear in ciphertext in DRAM chip. When an encrypted data page is accessed, it is transparently decrypted 16 to a page in the internal RAM, which is immune to physical exploits.