Using Intel virtualization technologies to create information protection systems based on an open portable trusted execution environment (OP-TEE)
DOI: https://doi.org/10.30837/rt.2025.2.221.08
Keywords: OP-TEE, Intel x86, hypervisor, ARM TrustZone
Abstract
The purpose of the article is to create an information security system based on the integration of the OP-TEE framework with Intel x86 platforms using virtualization technologies. The subject of the study is the software tools for integrating the OP-TEE framework with Intel x86 platforms.
The solution proposed in the article is based on isolating the secure world in a separate virtual machine. Hardware support still relies on Intel x86 VT-x, but the secure world exists entirely inside its own virtual machine. Thus there are two virtual machines: one for the normal world, where the main operating system runs, and a second virtual machine for OP-TEE. ACRN is used as the hypervisor.
The article will be useful to specialists in the field of information security who deal with data protection in the operating systems of computer systems.
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).