Security best practice

Purpose

This page is not exhaustive, but covers typical best practice when writing your trusted application.

General Guidance

  • Interfaces to the TA (message passing interfaces) should:

    • Validate all input

    • Include protection against fault injection

  • Check for typical C coding problems such as memory leaks, buffer overflows, invalid pointer arithmetic, type confusion and integer overflow

  • Use only Trustonic SDK functions for Secure object manipulation

Application specific

  • Avoid hand-crafted assembly code

  • Do not use shared memory for intermediate values or for storing sensitive data

  • Handle data in shared buffers correctly:

    • e.g. copy it into secure-world memory before operating on it

    • avoid time-of-check/time-of-use (TOCTOU) errors

  • Keep TA code as small as possible

    • easier to review!
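The shared-buffer guidance above, as an added C example that is not part of this page or of the Trustonic SDK: the request layout, the command id and the XOR transform are constructed for illustration. The handler copies the header and the payload out of the shared buffer before it validates or uses them, so a check made on the private copy cannot be undone by the normal world rewriting the shared memory between the check and the use.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed request layout for this example (not a Trustonic SDK format):
 * 4-byte little-endian command id, 4-byte little-endian payload length, payload. */
#define HDR_LEN     8u
#define MAX_PAYLOAD 64u

enum ta_status { TA_OK = 0, TA_ERR_SHORT, TA_ERR_LENGTH, TA_ERR_CMD };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Handle one request that the client placed in a world-shared buffer.
 * The buffer is 'volatile' because the normal world can rewrite it at any
 * time, so every field is copied into TA-private storage before it is
 * validated or used, and the shared copy is never re-read after the check. */
enum ta_status ta_handle_request(const volatile uint8_t *shared, size_t shared_len,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    uint8_t hdr[HDR_LEN], payload[MAX_PAYLOAD];   /* TA-private copies */
    size_t i;
    *out_len = 0;
    if (shared_len < HDR_LEN)
        return TA_ERR_SHORT;

    /* 1. Snapshot the header, then validate the snapshot, not the shared bytes. */
    for (i = 0; i < HDR_LEN; i++)
        hdr[i] = shared[i];
    uint32_t cmd = rd_le32(hdr), len = rd_le32(hdr + 4);
    /* shared_len >= HDR_LEN here, so the subtraction cannot wrap */
    if (len > MAX_PAYLOAD || len > shared_len - HDR_LEN || len > out_cap)
        return TA_ERR_LENGTH;
    if (cmd != 1u)            /* the only command this example implements */
        return TA_ERR_CMD;

    /* 2. Snapshot the payload; the shared buffer is not touched again. */
    for (i = 0; i < len; i++)
        payload[i] = shared[HDR_LEN + i];

    /* 3. Operate only on private data (placeholder transform: XOR with 0x5A). */
    for (i = 0; i < len; i++)
        out[i] = payload[i] ^ 0x5A;
    *out_len = len;
    return TA_OK;
}
```

Writing the result back to the shared buffer is fine once the work is done; what the guidance forbids is keeping intermediate or sensitive values there.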

Miscellaneous

  • Keep your trusted application encryption key safe

  • Persist sensitive data (e.g. a key) using the secure file system

  • Use a static analysis tool on both your trusted application and your client application