The proliferation in recent years in the popularity of mobile devices has carried with it an increasing risk of infection, often through cybercrime instigated through phishing or other end user attack intended to deceive the user into allowing access to sensitive data. A variety of exploit modes is used, for example, spoofed work-related emails, spoofed social media emails with malicious links, “likejacking,” “clickjacking” and so forth.
The current state of the art offers “dual persona” methods that separate data segments and seek to prevent one segment from accessing another. These have been shown to be ineffective when malware is able to gain privileges to roam within the device and even access network data, which can lead to large-scale enterprise breach.
A method is needed to provide uncompromising data separation within a device, which is now provided by the present invention.
FIG. 2 (background art) illustrates ARMv6 and greater processors Privilege Levels (PL), processor modes and types of software running with corresponding privileges (see ARM Architecture Reference Manuals). The ARM CPU architecture supports multiple PL that number from the lowest PL, the Non-secure state PL0 (203) that is often described as Unprivileged or User mode.
Every memory access has corresponding access privilege. For example, software executing at PL0 privilege level makes only unprivileged memory accesses. Memory access is configured through ARM Memory Management Unit (MMU) (see ARM Cortex-A series processor Technical Reference Manuals), TrustZone Address Space Controller (TZASC) (see CoreLink TrustZone Address Space Controller TZC-380 Technical Reference Manual) and TrustZone Protection Controller (TZPC) (see PrimeCell Infrastructure AMBA 3 TrustZone Protection Controller Technical Overview) or through vendor specific Security Extension hardware modules, for example Central Security Unit (CSU) in iMX6 Freescale processor (see i.MX 6Dual/6Quad Applications Processor Reference Manual).
Software executing at privileged modes in the Non-secure state PL1 (204) can access most features of the ARM processor, and can change the configuration settings for those features, except for certain features added by the Virtualization and Security Extensions that are only accessible at PL2 or in Secure state.
Software executing at PL1 makes privileged memory accesses by default, but can also make unprivileged access.
The Virtualization Extensions further extend the processor architecture to provide virtualization capabilities. Software executing at PL2 in Hyp mode (205) can perform all of the operations accessible at PL1, and can access additional virtualization functionality. PL2 mode is normally used by a hypervisor (215) that controls, and can switch between OS's (213-214), that execute at PL1.
Some of the ARM processor implementations do not include the Virtualization Extensions and have only two privilege levels, PL0 and PL1. The present invention does not require Virtualization Extensions and it includes embodiments with and without Virtualization Extensions.
The ARM Security Extensions extend the processor architecture to provide hardware security features that support the development of secure applications, by providing two processor security states. Common OS's (213-214) and user applications (211-212) are running in Normal World when the processor is in Non-secure state (201). A Secure OS or module (209) and its trusted applications (210) are running in Secure World when the processor is in Secure state (202). The most important system control resources are only accessible from the Secure World.
Some of the ARM processor implementations do not include the Security Extensions. The present invention is applicable only to computer systems based on ARM processors with Security Extensions.
Each security state has its own system registers and memory address space. The execution privilege levels are defined independently in each security state. There is no relationship between the Secure PL0 (207), Secure PL1 (208) and Non-secure PL0 (203), Non-secure PL1 (204) privilege levels.
The Monitor mode (206) exists only in the Secure state, and supports transitions between Secure and Non-secure state. Software Context switcher (216) running in Monitor mode has access to both the Secure and Non-secure copies of system registers.
Secure Monitor Call (SMC) is available only from software executing at Non-secure PL1 mode or higher. A SMC call from Non-secure PL1 mode could be intercepted by Hypervisor Trap (221) and processed inside hypervisor. A SMC is always taken to Secure Monitor mode. Interrupt Requests (IRQ), Fast Interrupt Requests (FIQ), and External abort exceptions can be configured to be taken to Secure Monitor mode.
It is important that Non-secure PL2 mode is less privileged than the Secure PL1 mode. Secure PL1 mode can change the configuration and control settings for Non-secure operation in all modes, but Non-secure modes can never change the configuration and control settings for Secure World.
The present invention provides requirements for software running in the Secure World and optionally in the Hyp mode. Thus while the main purpose of ARM Security Extensions is isolation between Normal and Secure Worlds, the present invention provides the innovative approach to employ these Security Extensions to isolate OSs running within the Normal World.
FIG. 3 (background art) illustrates a generic method of memory access control based on CPU modes. In ARM architecture it is possible to set access rights to different memory regions (305-310) from system memory map (304) for different CPU mode sets (301-303). To achieve this several hardware modules are integrated into processor: MMU, TZASC and TZPC. Additionally, several processor manufactures added their own extensions to enhance memory control functionality. For example, as mentioned before, Freescale iMX6 processor uses CSU instead of TZPC to provide more granular access control and additional security functionality.
The most common is the MMU and it is currently using in all popular OSs to separate system and user applications memory. The MMU is controlled by system control registers that can also disable the MMU. When the MMU is enabled, the processor works with virtual addresses and MMU works with memory system to translate virtual addresses to physical addresses. MMU divides memory into pages (4 KB, 64 KB, 1 MB, and 16 MB) and each page can have its own memory access attributes.
The ARM processor enhanced with Security Extensions has a separate and independent MMU for Secure and Normal Worlds.
The ARM processor has two stages MMU in Normal World when it is enhanced with Virtualization Extensions. Instead of direct translation from a virtual address to a physical address, the MMU performs first stage translation from a virtual address to an Intermediate Physical Address (IPA) according to MMU settings at Normal World PL1 and then performs second stage translation from IPA to a physical address according to MMU settings at Normal World PL2. This allows effective hypervisor memory management systems to be built.
The purpose of a TZASC module is separation of Secure World memory from Normal World memory. It works with random-access memory (RAM) only and can be configured from Secure World only. As the MMU, it divides memory into regions and each region has its own memory access control attributes. The TZASC works totally independently from MMU even when MMU is disabled. The TZASC works with physical addresses and doesn't have any MMU virtual address awareness.
Although the main purpose of TZASC is the memory separation between Secure and Normal Worlds the presented invention employs the TZASC module to implement memory separation between different Normal World OS's on the computing systems that does not use Virtualization Extensions, doing so in the following way: during switching between OS's, the deactivating OS memory is marked as Secure and the activating OS memory is marked as Normal World memory. This method prevents unauthorized RAM access from one Normal World OS to another Normal World OS.
The same method can be used on computing systems that use Virtualization Extensions of an ARM processor. Combined with two stages of the MMU, it will allow layered memory access control and can prevent some of the attacks that target hypervisors. In this case, a hypervisor scheduler is running in Secure World and performs TZASC configuration and other tasks are running in the less privileged PL2 mode.
Since the TZASC module works only with RAM, the TZPC is used to control access between Secure and Normal Worlds for memory regions where peripheral hardware device controllers and interfaces are mapped. Also TZPC is used to control on-chip RAM access control in some ARM processors implementations. The TZPC could be configured from Secure World only. Different ARM processors have different peripheral devices and interfaces, so TZPC regions are predefined and implementation dependent and only access rights to these regions can be changed in the runtime.
Despite the fact that TZPC settings are recommended to be set at the boot time only (see Section 3 Functional description of PrimeCell Infrastructure AMBA 3 TrustZone Protection Controller Technical Overview) and it is used to separate access to devices between Secure and Normal World, the present invention reconfigures TZPC in the runtime and uses TZPC to provide controlled access to peripheral devices and maintain the isolation between OS's running in Normal World. These methods are further discussed in the FIG. 5-7 descriptions.