Trusted Execution Environments (TEEs) such as ARM TrustZone are widely used in IoT and embedded devices to protect sensitive code and data. However, most existing defenses focus on secure boot or REE-side monitoring and provide little visibility into the runtime integrity of the TEE. This leaves TrustZone-based devices exposed to persistent TEE compromises. We propose Policy-Driven Runtime Integrity Measurement and Attestation (PDRIMA), a runtime integrity protection approach for TrustZone-based TEEs. PDRIMA systematically analyzes TEE attack surfaces and introduces two in-TEE subsystems: a Secure Monitor Agent (SMA) that performs policy-driven measurement, appraisal, logging, and time-based re-measurement over the TEE kernel, static components, user-TAs, and security-critical system calls; and a Remote Attestation Agent (RAA) that aggregates tamper-evident evidence and exposes a remote attestation protocol for verification. We analyze PDRIMA's security against the identified attack surfaces, implement a prototype on OP-TEE for Raspberry Pi 3B+, and evaluate its performance overhead to indicate its practicality.