Biblio

As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.

The increased heterogeneity and dynamism of new computing paradigms and especially of ubiquitous computing models is boosting the need for auto-configurable systems. In these new scenarios, heterogeneity and dynamism are inherent properties and applications are built by aggregating distributed information and services that are not under the control of a single entity. Furthermore, the current trend towards distributed computing poses important problems related to the need to transmit large amounts of data between the distributed nodes of the computing system; the control over the information; and the flexibility to adapt to heterogeneous client requirements. These characteristics are difficult to manage by traditional computing models. For these reasons, the mobile agent paradigm is gaining momentum and the interest of researchers and industry in this paradigm is increasing. In this paper we present a solution to provide a secure and auto-configurable environment for mobile agents in ubiquitous computing scenarios. Our approach is based on two main building blocks: trusted platforms and profiles.

The realization of the Ambient Intelligence concept entails many important challenges, but the most important barriers to this realization is the lack of adequate support for security. In this paper we present a conceptual model of our solution for building secure systems for AmI environments, taking as basis the concept of Security and Dependability (S&D) Pattern as a precise representation of validated S&D solutions and mechanisms. The main elements embedded in our solution framework (S&D library, monitoring interface and S&D Manager) are presented both conceptually, and also using a simple example scenario based on an hospital AmI environment.

Ubiquitous environments have several drawbacks to be solved. Most of them are focused on security, and relevant ones are authorization and authentication. Amongst the essential elements to adequately provide solutions, we can find profiles. A profile can be defined as a repository to store structured data from users, networks, devices, applications, etc. As profiles are needed in ubiquitous environments, and these need of secure management as well, in this paper, we provide some initial guidance on the security storage of profiles and on security levels needed for each type of profile. Additionally, we review different alternatives to bear profiles, concluding that smartcards are the most suitable devices.