Agile Approach on the Performance Prediction of ARM TrustZone-based Mandatory Access Control Security Enhancement - Citegraph

Paper Info

Title
Agile Approach on the Performance Prediction of ARM TrustZone-based Mandatory Access Control Security Enhancement

Abstract
Mandatory Access Control (MAC) is one of the most important security mechanisms of Linux, but it may be threatened by vulnerabilities in kernel space. Currently, the ARM TrustZone-based MAC (TZ-MAC) security enhancement method has been proposed to protect the key security function of MAC with the hardware-based trusted execution environment. However, given that each call to the hook set of the TZ-MAC security modules will cause switching between the normal and secure worlds of ARM TrustZone, the specific design of the TZ-MAC framework will substantially affect system performance, and may even be considerably slow to prevent the security module from being applied. Therefore, when researchers design a security module, they need an agile method to predict the performance cost brought by the hook set realized, to assist the optimization of the design scheme and improve system performance. This study presents a performance prediction method of TZ-MAC based on the statistical analysis of the Linux Security Modules (LSM) hook calls. This method is universal for different TZ-MAC frameworks, security modules, and benchmarks. Moreover, the proposed method can predict only the performance based on the security module design of TZ-MAC, and the implementation of the module is not needed. An agile approach of performance prediction for TZ-MAC is conducted based on the performance prediction method. For two different TZ-MAC implementation ideas, we constructed prediction data sets based on the classic benchmarks, namely, LMbench and UnixBench, and verified the effectiveness of our method. The tests based on the security module SELinux show that over 50% of the overhead is caused by 3% of the LSM hook functions, which indicates the direction for future optimization.

Year	DOI	Venue
2021	10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00150	19TH IEEE INTERNATIONAL SYMPOSIUM ON PARALLEL AND DISTRIBUTED PROCESSING WITH APPLICATIONS (ISPA/BDCLOUD/SOCIALCOM/SUSTAINCOM 2021)
Keywords	DocType	ISSN
Performance Evaluation, TrustZone, Mandatory Access Control	Conference	2158-9178
Citations	PageRank	References
0	0.34	0
Authors
7

Authors (7 rows)

Cited by (0 rows)

References (0 rows)

Name	Order	Citations	PageRank
Zhipeng Li	1	0	0.34
Yan Ding	2	5	4.46
Xiaofan Chen	3	0	0.34
Pan Dong	4	9	2.49
Chenlin Huang	5	48	8.83
Liantao Song	6	0	0.34
Peng Wang	7	0	0.34

1