Automated Partitioning of Android Applications for Trusted Execution Environments

Abstract

The co-existence of critical and non-critical applications on computing devices, such as mobile phones, is becoming commonplace. The sensitive segments of a critical application should be executed in isolation on Trusted Execution Environments (TEE) so that the associated code and data can be protected from malicious applications. TEE is supported by different technologies and platforms, such as ARM Trustzone, that allow logical separation of "secure" and "normal" worlds. We develop an approach for automated partitioning of critical Android applications into "client" code to be run in the "normal" world and "TEE commands" encapsulating the handling of confidential data to be run in the "secure" world. We also reduce the overhead due to transitions between the two worlds by choosing appropriate granularity for the TEE commands. The advantage of our proposed solution is evidenced by efficient partitioning of real-world applications.