RustZone: Writing Trusted Applications in Rust

Conference:  BlackHat EU 2018



The presentation discusses the use of trust execution environments and the potential of Rust as a replacement for C in certain applications.
  • Trust execution environments are useful but not a silver bullet for security
  • Rust is a potential replacement for C in certain applications due to its ability to compile straight down with no Lib C
  • Memory safety and other language features make Rust a useful language
  • Secure storage in trusted execution environments is possible through processor features and configuration
  • Arm's trusted execution environment defines two worlds, normal and secure, with restricted access to hardware, memory, and code
  • Access to peripherals is available from the normal world
The speaker explains that the information on how to restrict access to hardware, memory, and code in trusted execution environments is often not publicly available and requires signing NDAs. This makes it difficult for individuals who are not big clients to access this information.


Trusted Execution Environments (TEEs) are present in many devices today, and are used to perform security critical computation in an isolated environment. ARM's TrustZone is one of the most widely used TEEs in the world today, present in nearly every modern Android device.TrustZone allows developers to write applications that run in a "Secure World" with hardware isolation of resources. Most implementations use a Trusted Operating System to run multiple Trusted Applications.However, Trusted Applications are still written in C, and many common classes of vulnerabilities have been found in these applications. While TrustZone provides isolation of resources, it cannot prevent against vulnerable code.In this talk, we will explore using the Rust language to write a Trusted Application. Rust allows developers to write system level code, but provides security features including memory safety, type safety, and error handling. These are desirable features for development of Trusted Applications.We will begin with an overview of TrustZone and Rust language, then show how Rust can be used to develop a Trusted Application. To conclude, we will demo a Trusted Application on real TrustZone hardware.