The Android ecosystem relies on either TrustZone (e.g., OP-TEE, QTEE, Trusty) or trusted hypervisors (pKVM, Gunyah) to isolate security-sensitive services from malicious apps and Android bugs. TrustZone allows any secure world code to access the normal world that runs Android. Similarly, a trusted hypervisor has full access to Android running in one VM and security services in other VMs. In this paper, we motivate the need for mutual isolation, wherein Android, hypervisors, and the secure world are isolated from each other. Then, we propose a sandboxed service abstraction, such that a sandboxed execution cannot access any other sandbox, Android, hypervisor, or secure world memory. We present Aster which achieves these goals while ensuring that sandboxed execution can still communicate with Android to get inputs and provide outputs securely. Our main insight is to leverage the hardware isolation offered by Arm Confidential Computing Architecture (CCA). However, since CCA does not satisfy our sandboxing and mutual isolation requirements, Aster repurposes its hardware enforcement to meet its goals while addressing challenges such as secure interfaces, virtio, and protection against interrupts. We implement Aster to demonstrate its feasibility and assess its compatibility. We take three case studies, including one currently deployed on Android phones and insufficiently secured using a trusted hypervisor, to demonstrate that they can be protected by Aster.

翻译：Android生态系统依赖TrustZone（例如OP-TEE、QTEE、Trusty）或可信虚拟机监视器（pKVM、Gunyah）来隔离安全敏感服务与恶意应用及Android系统漏洞。TrustZone允许任何安全世界代码访问运行Android的正常世界。类似地，可信虚拟机监视器可完全访问运行于某个虚拟机中的Android及其他虚拟机中的安全服务。本文论证了双向隔离的必要性，即Android、虚拟机监视器与安全世界需实现相互隔离。继而提出沙盒化服务抽象模型，确保沙盒化执行环境无法访问其他沙盒、Android系统、虚拟机监视器或安全世界内存。我们提出Aster系统，在实现上述目标的同时保证沙盒化执行环境仍能与Android安全通信以获取输入并提供输出。核心创新在于利用Arm机密计算架构（CCA）提供的硬件隔离机制。然而由于CCA无法满足沙盒化与双向隔离需求，Aster通过重构其硬件强制机制达成目标，并解决了安全接口、virtio及中断防护等挑战。我们实现Aster原型验证其可行性并评估兼容性，通过三个案例研究（包括当前已部署于Android手机但采用可信虚拟机监视器防护不足的实例）论证Aster可有效提供安全防护。