You copied the Doc URL to your clipboard.

Security in an ARMv8-A system

A secure or trusted system is one that protects assets, for example passwords or credit card details from a range of plausible attacks, to prevent them from being copied or damaged, or made unavailable.

Security is defined by the principles of:

Confidentiality

Preventing unauthorized access to the asset. Confidentiality is a key security concern. There are several methods of preventing unauthorized access to the asset. For example, passwords and cryptographic keys.

Integrity

Preventing unauthorized changes to the asset using methods such as public keys.

Availability.

Ensuring that the asset comes from a trusted source and detecting unauthorized changes using firmware updates.

Defense against modification and proof of authenticity is vital for security software and on-chip secrets that are used for security. Examples of trusted systems might include password protected mobile payments, digital rights management, and e-ticketing. Security is harder to achieve in the world of open systems, you might download a wide range of software onto a platform, while inadvertently also downloading malicious or untrusted code, which can tamper with your system.

Mobile devices can be used to view videos, listen to music, play games, or for browsing the Web and accessing financial services. This requires both the user and the bank or service provider to trust the device. The device runs a complex OS with high levels of connectivity and might be vulnerable to attack by malicious software. A virus or malware that is accidentally downloaded onto the device must never be allowed access to financial services information held securely. You can achieve some measure of security through software system design, but you can obtain higher levels of protection through core and system level memory partitioning.

Software and hardware attacks can be classified into the following categories:

Software attacks

Attacks by malicious software typically do not require physical access to the device and can exploit vulnerabilities in the operating system or an application.

Simple hardware attacks

These are passive, mostly non-destructive attacks that require access to the device and exposure to the electronics, and use commonly available tools such as logic probes and JTAG run-control units.

Laboratory hardware attack

This kind of attack requires sophisticated and expensive tools, such as Focused Ion Beam (FIB) techniques or power analysis techniques, and is more commonly used against smartcard devices.

TrustZone technology is designed to protect against software attacks. Good design practice with the TrustZone Extension can also give a good defense against simple hardware attacks.

Was this page helpful? Yes No