Linaro Connect San Diego 2019 has ended

Friday, September 27

11:30am PDT

SAN19-513 Rust TrustZone SDK: Enabling Safe, Functional, and Ergonomic Development of Trustlets
ARM TrustZone shields the most critical security components from the normal world legacy OS, which grows larger and more complex over time and has become quite difficult to harden. However, in recent years we have also witnessed memory exploits targeting TrustZone systems. Such vulnerabilities can be used by attackers as a bridge to further subvert the secure OS, and thus take over the whole device.

As an important mission of the open source project under the MesaTEE platform, we aim to bring memory safety to ARM TrustZone. In particular, we enabled Rust programming for Trustlets, making them immune to memory exploits by nature while preserving native execution speed. Unlike previous attempts, Rust OP-TEE TrustZone SDK is the first to:

- utilize the Rust programming language's security checks and type checks, so that developers can never misuse;
- enable Rust standard library and millions of Rust crates/libraries for developing Trustlets, so that developers can conveniently leverage the existing rich Rust ecosystem;
- provide automatic Trustlet lifecycle management via the "resource acquisition is initialisation" (RAII) design pattern, preventing errors where a resource is not finalised and where a resource is used after finalisation, so that developers no longer need to call session/context related APIs manually.

We will present our current implementation based on OP-TEE (complying with the GlobalPlatform TEE specifications), and will provide demonstrations for popular TrustZone applications like secure storage, key management, device identification, authentication, DRM, etc. Most importantly, we revolutionarily provide support for trusted and secure machine learning computation in TrustZone. To the best of our knowledge, we are the first to offer safe, fast, functional, and ergonomic development for Trustlets.

Mingshen Sun

Security Researcher, Baidu X-Lab
Mingshen Sun is a senior security researcher of Baidu X-Lab at Baidu USA. He received his Ph.D. degree in Computer Science and Engineering from The Chinese University of Hong Kong. His interests lie in solving real-world security problems related to system, mobile, IoT devices and...

Friday September 27, 2019 11:30am - 11:55am PDT
Pacific Room (Keynote)
