Securing Display Path for Security-Sensitive Applications on Mobile Devices

摘要

While smart devices based on ARM processor bring us a lot of convenience,they also become an attractive target of cyber-attacks.The threat is exaggerated as commodity OSes usually have a large code base and suffer from various software vulnerabilities.Nowadays,adversaries prefer to steal sensitive data by leaking the content of display output by a security-sensitive application.A promising solution is to exploit the hardware visualization extensions provided by modern ARM processors to construct a secure display path between the applications and the display device.In this work,we present a scheme named SecDisplay for trusted display service,it protects sensitive data displayed from being stolen or tampered surreptitiously by a compromised OS.The TCB of SecDisplay mainly consists of a tiny hypervisor and a super light-weight rendering painter,and has only~1400 lines of code.We implemented a prototype of SecDisplay and evaluated its performance overhead.The results show that SecDisplay only incurs an average drop of 3.4%.