Trusted Execution Environment

from Wikipedia, the free encyclopedia

A Trusted Execution Environment (TEE) provides a secure or trustworthy runtime environment for applications. A TEE can exist isolated on a separate processor, directly on the main processor(s) of a computer system, or on a die of a multiprocessor system or a system-on-a-chip (SoC). Only specially authorized applications can be run in the TEE.

The TEE concept refines the concept of Trusted Computing . One or more trustworthy runtime environments can exist in parallel, as well as other insecure or unprotected environments.

Technologies

Depending on the manufacturer, there are different technologies for realizing a TEE.

Differentiation from other technologies

A hypervisor alone does not provide a TEE. Although it can run several operating systems on one processor, the isolation it provides is confined to the processor itself. A TEE also covers peripheral devices, which must be able to distinguish between accesses from secure and non-secure applications or operating systems.

A TPM alone does not constitute a TEE either, since no applications can be executed on the chip itself. A TPM can, however, be used by a TEE, e.g. in Intel's TXT concept.

Smart cards, USB tokens and hardware security modules do constitute a TEE, but offer only limited possibilities because they lack input and output components (keyboard, display). In addition, they are often designed for a single specific purpose and are not freely programmable. For smart cards and tokens, the lower computing power and storage capacity compared with the main processor can impose further restrictions.

Applications

TEE technology is today used mainly on smartphones and tablets, e.g. for DRM. The further development and standardization of this technology is of crucial importance for applications such as mobile banking and NFC payment. The bring-your-own-device (BYOD) concept, which creates a private area alongside a secure area for company data, is also based on the TEE concept.

Standardization

The industry association GlobalPlatform, which also issues specifications for runtime environments on smart cards, is working on the standardization of TEEs in the following areas:

  • Runtime environment for applications
  • Installation and administration of applications

A definition of the Trusted Execution Environment as understood by GlobalPlatform was summarized in a white paper in 2011.

As part of the Linaro initiative, there is also a working group that standardizes access to ARM TrustZone-based TEEs from Linux .
