NDSS 2025 – Automated Data Protection For Embedded Systems Via Data Flow Based Compartmentalization
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读用户提供的文章内容,找出关键信息。
文章标题是“TZ-DATASHIELD: 自动化嵌入式系统数据保护”,看起来是关于数据保护的技术。作者们来自几个大学,研究领域可能涉及计算机安全和嵌入式系统。
文章提到,随着嵌入式系统在医疗、工业自动化和无人驾驶等关键领域的应用增加,保护微控制器单元(MCUs)上的数据变得至关重要。这些系统面临计算能力和能源限制,这使得维护数据的机密性和完整性更具挑战性。
之前的方法使用了隔间化技术来保护敏感数据,但仍然容易受到特权软件攻击的威胁。因此,作者提出了TZ-DATASHIELD,这是一个基于LLVM编译器的工具,增强了ARM TrustZone的安全性。
TZ-DATASHIELD通过敏感数据流(SDF)隔间化来实现更细粒度的保护,并开发了一种新的TEE内部隔离机制,在运行时验证隔间对TEE资源的访问。这有助于减少内存占用和ROP gadget的数量,同时引入了可接受的运行时开销。
总结下来,文章的主要内容是介绍一种新的自动化数据保护方法,用于增强嵌入式系统的安全性。这种方法通过细粒度的隔间化和改进的隔离机制来对抗强攻击者,并且在实际应用中表现良好。
现在我需要将这些要点浓缩到100字以内。重点包括:TZ-DATASHIELD的作用、它如何增强TrustZone、解决的问题以及带来的好处。同时要保持语言简洁明了。
</think>
该研究提出了一种名为TZ-DATASHIELD的新方法,通过基于数据流的隔间化技术增强ARM TrustZone,为嵌入式系统提供自动化数据保护,有效应对强攻击者威胁,并显著减少TEE中的内存占用和ROP gadget数量。
2025-12-28 16:0:0
Author: securityboulevard.com(查看原文)
阅读量:0
收藏
NDSS 2025 – Automated Data Protection For Embedded Systems Via Data Flow Based Compartmentalization
Session 7B: Trusted Hardware and Execution
Authors, Creators & Presenters: Zelun Kong (University of Texas at Dallas), Minkyung Park (University of Texas at Dallas), Le Guan (University of Georgia), Ning Zhang (Washington University in St. Louis), Chung Hwan Kim (University of Texas at Dallas)
PAPER
TZ-DATASHIELD: Automated Data Protection For Embedded Systems Via Data-Flow Based Compartmentalization
As reliance on embedded systems grows in critical domains such as healthcare, industrial automation, and unmanned vehicles, securing the data on micro-controller units (MCUs) becomes increasingly crucial. These systems face significant challenges related to computational power and energy constraints, complicating efforts to maintain the confidentiality and integrity of sensitive data. Previous methods have utilized compartmentalization techniques to protect this sensitive data, yet they remain vulnerable to breaches by strong adversaries exploiting privileged software. In this paper, we introduce TZ-DATASHIELD, a novel LLVM compiler tool that enhances ARM TrustZone with sensitive data flow (SDF) compartmentalization, offering robust protection against strong adversaries in MCU-based systems. We address three primary challenges: the limitations of existing compartment units, inadequate isolation within the Trusted Execution Environment (TEE), and the exposure of shared data to potential attacks. TZ-DATASHIELD addresses these challenges by implementing a fine-grained compartmentalization approach that focuses on sensitive data flow, ensuring data confidentiality and integrity, and developing a novel intra-TEE isolation mechanism that validates compartment access to TEE resources at runtime. Our prototype enables firmware developers to annotate source code to generate TrustZone-ready firmware images automatically. Our evaluation using real-world MCU applications demonstrates that TZ-DATASHIELD achieves up to 80.8% compartment memory and 88.6% ROP gadget reductions within the TEE address space. It incurs an average runtime overhead of 14.7% with CFI and DFI enforcement, and 7.6% without these measures.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
