A Systematic Security Design Approach for Heterogeneous Embedded Systems

Author(s): Yibo Zhang

Author(s): Martin Zauner, Michael Kramer, Peter Balog

New design methodologies at higher abstraction levels are necessary to deal with the increasing complexity of modern embedded systems. As a consequence, new design paradigms must supersede traditional design methods to bridge the abstraction gap which often exists between specification and implementation. This paper examines several examples which evaluate the applicability of Esterel, a language with well-defined semantics for specification and verification of reactive control systems. Implementation size, performance and design effort were selected as measures to assess the benefits of this design approach in comparison to a traditional one.


2021
Author(s):  
Mir Ahsan

Embedded systems are often used to monitor and control various dynamic and complex applications. However, with greater accessibility and added features on many embedded systems, more and more systems are being subjected to sophisticated and new types of attacks. As a result, the security aspect of embedded systems has become a critical design step. TrustZone has become a popular choice as a security design solution in systems where resources such as processing power and battery are limited. In TrustZone, two virtual processors called "secure world" and "normal world" run on the same core in a time-sliced manner. These worlds have partitioned hardware and software resources, with different modes of operation, isolated memory regions and interrupts. In this paper, the hardware and software architecture of TrustZone is analyzed from the perspective of embedded system security design. Then a mobile-ticketing system based on TrustZone is presented which incorporates standard cryptographic engineering design practices to demonstrate the feasibility and effectiveness of such a system. The ticketing system is then simulated and a security threat analysis is performed in terms of known vulnerabilities such as buffer overflow, static and dynamic code/data tampering, Return Oriented Programming (ROP) exploits, and man-in-the-middle attacks. After evaluating the analysis results with various open source vulnerability analysis tools, it is concluded that the system design is an effective solution, particularly for embedded systems.