隨著行動裝置的功能越來越強大,越來越多的應用程式會使用用 戶的敏感資料。為了保護這些敏感資料,許多程式開發者會把這些需 要使用敏感資料的應用程式放進可信執行環境執行(Trusted Execution Environments(TEE))。過去這幾年,許多攻擊都是針對目前市面上正在 商業化使用的可信執行環境。這些不斷的攻擊事件不禁讓我們開始擔 心可信執行環境的安全性。可以造成隱私資料外洩的堆疊溢位攻擊 (Stack buffer overflow attack) 是最常見也是最危險的一種攻擊而且同樣 會對可信執行環境造成傷害。在我們的論文中,我們實作了一塊獨立 於安全世界(Secure World) 以及正常世界(Normal World) 的實體記憶體 體空間來抵抗堆疊溢位攻擊。在可信執行環境中執行的可信執行程式 (Trusted Applications (TAs)) 可以將敏感的資料存進我們的系統中來抵 抗堆疊溢位攻擊造成的敏感資料外洩。我們的系統不會對可信執行環 境造成過多的負擔而且可以有效的保護敏感資料。;As the functions of mobile devices continue to be introduced, more and more applications in mobile devices access the user?s sensitive data. In order to protect these sensitive data, many developers will put application that need to access user?s sensitive data into Trusted Execution Environments (TEEs) for execution. In the past few years, many attack aimed at the commercial TEE currently in use on the market. These endless attacks have made us worry about whether the security of TEE will be challenged. Stack buffer overflow attacks which makes sensitive data leakage is the most common and arguably the most dangerous attack and this attack also caused considerable damage to TEE. In this paper, we implemented an isolated physical memory outside Secure World and Normal World to resist stack buffer overflow attack. Trusted Applications (TAs) in TEE can seal their sensitive data in our system to prevent Stack buffer overflow attacks which makes sensitive data leakage. Our system will not cause too much overhead to TEE and can effectively protect the sensitive data.
