3142                                  Journal of Software  软件学报 Vol.31, No.10, October 2020

          [49]    Zhao SJ, Zhang QY, Qin Y, Feng W, Feng DG. Minimal kernel: An operating system architecture for TEE to resist board level
              physical attacks. In: Proc. of the 22nd Int’l Symp. on Research in Attacks, Intrusions and Defenses (RAID). USENIX Association,
              2019. 105–120.
          [50]    Colp P, Zhang JW, Gleeson J, Suneja S, De Lara E, Raj H, Saroiu S, Wolman A. Protecting data on smartphones and tablets from
              memory attacks. In: Proc. of the 20th Int’l Conf. on Architectural Support for Programming Languages and Operating Systems
              (ASPLOS). ACM, 2015. 177–189. [doi: 10.1145/2694344.2694380]
          [51]    Zhao SJ, Zhang QY, Hu GY, Qin Y, Feng DG. Providing root of trust for ARM TrustZone using on-chip SRAM. In: Proc. of the
              4th Int’l Workshop on Trustworthy Embedded Devices (TrustED). ACM, 2014. 25–36. [doi: 10.1145/2666141.2666145]
          [52]    Zhao SJ, Zhang QY, Qin Y, Feng W, Feng DG. SecTEE: A software-based approach to secure enclave architecture using TEE. In:
              Proc. of the 26th ACM SIGSAC Conf. on Computer and Communications Security (CCS). ACM, 2019. 1723–1740. [doi: 10.1145/
              3319535.3363205]
          [53]    Dautenhahn  N, Kasampalis T,  Dietz W, Criswell J,  Adve V.  Nested kernel:  An operating system  architecture for intra-kernel
              privilege separation. In: Proc. of the 20th Int’l Conf. on Architectural Support for Programming Languages and Operating Systems
              (ASPLOS). ACM, 2015. 191–206. [doi: 10.1145/2775054.2694386]
          [54]    Azab AM, Swidowski K, Bhutkar R, Ma J, Shen WB, Wang RW, Ning P. SKEE: A lightweight secure kernel-level execution
              environment for ARM. In: Proc. of the 23rd Annual Network and Distributed System Security Symp. (NDSS). Internet Society,
              2016. [doi: 10.14722/ndss.2016.23009]
          [55]    Cho Y, Kwon D, Yi H, Peak Y. Dynamic virtual address range adjustment for intra-level privilege separation on ARM. In: Proc.
              of the 24th Annual Network and Distributed System Security Symp. (NDSS). Internet Society, 2017. [doi: 10.14722/ndss.2017.
              23024]
          [56]    Li WH, Xia YB, Lu L, Chen HB, Zang BY. TEEv: Virtualizing trusted execution environments on mobile platforms. In: Proc. of
              the 15th  ACM SIGPLAN/SIGOPS Int’l  Conf. on Virtual  Execution  Environments (VEE).  ACM, 2019. 2–16. [doi: 10.1145/
              3313808.3313810]
          [57]    Gassend B, Suh GE, Clarke D, Van Dijk M, Devadas S. Caches and hash trees for efficient memory integrity verification. In:
              Proc. of the 9th Int’l Symp. on High-performance Computer Architecture (HPCA). IEEE, 2003. 295–306. [doi: 10.1109/HPCA.
              2003.1183547]
          [58]    Heninger N, Shacham H. Reconstructing RSA private keys from random key bits. In: Proc. of the 29th Annual Int’l Cryptology
              Conf. (CRYPTO). Berlin, Heidelberg: Springer-Verlag, 2009. 1–17. [doi: 10.1007/978-3-642-03356-8_1]
          [59]    Piegdon DR, Pimenidis L. Targeting physically addressable memory. In: Proc. of the 4th Int’l Conf. on Detection of Intrusions
              and Malware, and Vulnerability Assessment (DIMVA). Berlin, Heidelberg: Springer-Verlag, 2007. 193–212. [doi: 10.1007/978-3-
              540-73614-1_12]
          [60]    Parker TP, Xu SH. A method for safekeeping cryptographic keys from memory disclosure attacks. In: Proc. of the 1st Int’l Conf.
              on Trusted Systems (INTRUST). Berlin, Heidelberg: Springer-Verlag, 2009. 39–59. [doi: 10.1007/978-3-642-14597-1_3]
          [61]    Li CW, Lin JQ, Cai QW, Luo B. Peapods: OS-independent memory confidentiality for cryptographic engines. In: Proc. of the 16th
              IEEE Int’l Conf. on Parallel and Distributed Processing with Applications (ISPA). IEEE, 2018. 862–869. [doi: 10.1109/BDCloud.
              2018.00128]
          [62]    Intel Corporation. Intel® 64 and IA-32 architectures software developer’s manual—Volume 1: Basic architecture. 2019. https://
              software.intel.com/sites/default/files/managed/a4/60/253665-sdm-vol-1.pdf
          [63]    Müller T, Dewald A, Freiling FC. AESSE: A cold-boot resistant implementation of AES. In: Proc. of the 3rd European Workshop
              on System Security (EUROSEC). ACM, 2010. 42–47. [doi: 10.1145/1752046.1752053]
          [64]    Müller T, Freiling FC, Dewald A. TRESOR runs encryption securely outside RAM. In: Proc. of the 20th USENIX Security Symp.
              (USENIX Security). USENIX Association, 2011. 251–266. [doi: 10.5555/2028067.2028084]
          [65]    Simmons P. Security through Amnesia: a software-based solution to the cold boot attack on disk encryption. In: Proc. of the 27th
              Annual Computer Security Applications Conf. (ACSAC). ACM, 2011. 73–82. [doi: 10.1145/2076732.2076743]
          [66]    Pabel J. FrozenCache: Mitigating cold-boot attacks for full-disk-encryption software. In: Proc. of the 27th Chaos Communication
              Congress (CCC). 2010.
          [67]    Götzfried J, Müller T. ARMORED: CPU-bound encryption for Android-driven ARM devices. In: Proc. of the 8th Int’l Conf. on
              Availability, Reliability and Security (ARES). IEEE, 2013. 161–168. [doi: 10.1109/ARES.2013.23]