Author:
Deng Pengfei, Liang Xiyin, Pan Peirong, Pan Xu
Abstract
With the rapid development of embedded technology and the increasing complexity of system functionality, there is a growing need for a trusted computing environment that ensures the security, integrity, and reliability of sensitive information. Systems must not only protect sensitive application code but also isolate its execution to prevent attacks and data theft. Traditional system protection relies on security mechanisms that run in the same address space and at the same privilege level as the kernel. This approach is not sufficiently secure, because an attacker who compromises the kernel can also compromise those security mechanisms. To achieve true protection of the kernel and critical data, the security mechanisms themselves must be isolated from it. Building a trusted, isolated runtime environment in the system is therefore crucial for system security. TrustZone, developed by ARM, is a system-level security isolation framework capable of defending against a range of potential attacks. This paper first gives an overall overview of different security isolation technologies. Focusing on the principles and characteristics of ARM TrustZone, it then conducts an in-depth analysis of TrustZone-based system security isolation. Finally, considering the open security issues in the field of trusted execution environments, the paper presents prospects for the future development of this technology.
Publisher
Darcy & Roy Press Co. Ltd.