DBStore: A TrustZone-backed Database Management System for Mobile Applications

Pedro S. Ribeiro, Nuno Santos, Nuno O. Duarte

2018

Abstract

ARM TrustZone technology has been widely use to enhance the security of mobile devices by allowing for the creation of Trusted Execution Environments (TEE). However, existing TEE solutions tend to struggle with a trade-off between security and functionality: they either expose a larger attack surface to favor dynamic code loading inside the TEE, or depend on the static deployment of trusted services inside the TEE which is more cumbersome and error-prone to maintain. This paper proposes the deployment of a trusted service which aims to serve a broad range of applications by offering secure database storage capability inside the TEE. We present DBStore, a TrustZone-backed database management system for mobile applications. Applications can create and operate DBStore databases inside a TEE that provides confidentiality and integrity protection of databases and respective SQL queries without depending on the integrity of the mobile OS. We present a case study where DBStore is used in order to thwart existing attacks in HCE-based mobile ticketing applications.

Download


Paper Citation


in Harvard Style

S. Ribeiro P., Santos N. and O. Duarte N. (2018). DBStore: A TrustZone-backed Database Management System for Mobile Applications.In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT, ISBN 978-989-758-319-3, pages 396-403. DOI: 10.5220/0006883603960403


in Bibtex Style

@conference{secrypt18,
author={Pedro S. Ribeiro and Nuno Santos and Nuno O. Duarte},
title={DBStore: A TrustZone-backed Database Management System for Mobile Applications},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT,},
year={2018},
pages={396-403},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006883603960403},
isbn={978-989-758-319-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT,
TI - DBStore: A TrustZone-backed Database Management System for Mobile Applications
SN - 978-989-758-319-3
AU - S. Ribeiro P.
AU - Santos N.
AU - O. Duarte N.
PY - 2018
SP - 396
EP - 403
DO - 10.5220/0006883603960403