Aster: Fixing the Android TEE Ecosystem with Arm CCA
Mark Kuhne, Supraja Sridhara, Andrin Bertschi, Nicolas Dutly, Srdjan Capkun, Shweta Shinde

TL;DR
Aster introduces a novel approach leveraging Arm CCA hardware features to achieve mutual isolation among Android, hypervisors, and secure worlds, enhancing security in the Android ecosystem.
Contribution
Aster repurposes Arm CCA hardware enforcement to provide sandboxed execution with mutual isolation, addressing limitations of existing TrustZone and hypervisor-based solutions.
Findings
Successfully implemented Aster demonstrating feasibility.
Protected existing Android case studies with hypervisor vulnerabilities.
Achieved secure communication between sandboxed execution and Android.
Abstract
The Android ecosystem relies on either TrustZone (e.g., OP-TEE, QTEE, Trusty) or trusted hypervisors (pKVM, Gunyah) to isolate security-sensitive services from malicious apps and Android bugs. TrustZone allows any secure world code to access the normal world that runs Android. Similarly, a trusted hypervisor has full access to Android running in one VM and security services in other VMs. In this paper, we motivate the need for mutual isolation, wherein Android, hypervisors, and the secure world are isolated from each other. Then, we propose a sandboxed service abstraction, such that a sandboxed execution cannot access any other sandbox, Android, hypervisor, or secure world memory. We present Aster which achieves these goals while ensuring that sandboxed execution can still communicate with Android to get inputs and provide outputs securely. Our main insight is to leverage the hardware…
