youtube_video_url amazon_s3_presentation_url amazon_s3_video_url categories description image session_attendee_num session_id session_room session_slot session_speakers session_track tag tags title
san19
ARM TrustZone shields the most critical security components from the normal-world legacy OS, which grows larger and more complex over time and has become quite difficult to harden. However, in recent years we have also witnessed memory exploits targeting TrustZone systems. Attackers can use such vulnerabilities as a bridge to further subvert the secure OS and thus take over the whole device.

As an important mission of the open source project under the MesaTEE platform, we aim to bring memory safety to ARM TrustZone. In particular, we enabled Rust programming for Trustlets, making them immune to memory exploits by nature while preserving native execution speed. Unlike previous attempts, the Rust OP-TEE TrustZone SDK is the first to:

- utilize the Rust programming language's security checks and type checks, so that developers can never misuse;
- enable the Rust standard library and millions of Rust crates/libraries for developing Trustlets, so that developers can conveniently leverage the existing rich Rust ecosystem;
- provide automatic Trustlet lifecycle management via the "resource allocation is initialisation" (RAII) design pattern, preventing errors where a resource is not finalised and where a resource is used after finalisation, so that developers no longer need to call session/context-related APIs manually.

We will present our current implementation based on OP-TEE (complying with the GlobalPlatform TEE specifications), and will provide demonstrations for popular TrustZone applications like secure storage, key management, device identification, authentication, DRM, etc. Most importantly, we revolutionarily provide support for trusted and secure machine learning computation in TrustZone. To the best of our knowledge, we are the first to offer safe, fast, functional, and ergonomic development for Trustlets.
featured path
true
/assets/images/featured-images/san19/SAN19-513.png
37
SAN19-513
Pacific Room (Keynote)
end_time start_time
2019-09-27 11:55:00
2019-09-27 11:30:00
speaker_bio speaker_company speaker_image speaker_location speaker_name speaker_position speaker_url speaker_username
Baidu X-Lab
/assets/images/speakers/placeholder.jpg
Mingshen Sun
Security Researcher
bob608
speaker_bio speaker_company speaker_image speaker_location speaker_name speaker_position speaker_url speaker_username
/assets/images/speakers/san19/mingshen-sun
Hong Kong
Mingshen Sun
mingshensun
speaker_bio speaker_company speaker_image speaker_location speaker_name speaker_position speaker_url speaker_username
Mingshen Sun is a senior security researcher of Baidu X-Lab at Baidu USA. He received his Ph.D. degree in Computer Science and Engineering from The Chinese University of Hong Kong. His interests lie in solving real-world security problems related to system, mobile, IoT devices and cars. He maintains and actively contributes to several open source projects in Rust such as the MesaLock Linux project, MesaPy, and YogCrypt.
/assets/images/speakers/san19/mingshen-sun.jpg
Mingshen Sun
Security Researcher, Baidu X-Lab
sunmingshen
Security
session
Open Source Development
Security
SAN19-513 - Rust TrustZone SDK: Enabling Safe, Functional, and Ergonomic Development of Trustlets