Security requires attention. Anyone who has forgotten to lock their front door because they were distracted by an incoming call can attest to this. The condensation of virtually everything into a single device—the smartphone—has normalized deviant behaviors that create security risks. For example, many smartphone users conduct secure transactions while juggling several other apps, thus creating opportunities for adversaries to exploit human error. Furthermore, both secure and insecure code run on a smartphone's common CPU, thus exposing user secrets to a large and complex attack surface with multiple microarchitectural side channels. This article proposes partitioning a set of secure applications into a physically separate device that is designed using security-first principles. We call this device “Betrusted.” Putting secure apps on a separate screen helps users focus on their secure transactions while minimizing attack surfaces and eliminating microarchitectural sidechannels.

中文翻译：

---

值得信赖：通过物理分区提高安全性


安全需要引起重视。任何因接到来电而分心而忘记锁前门的人都可以证明这一点。几乎所有东西都集中到一个设备（智能手机）中，这使得造成安全风险的异常行为正常化。例如，许多智能手机用户在处理其他几个应用程序的同时进行安全交易，从而为对手创造了利用人为错误的机会。此外，安全和不安全的代码都在智能手机的通用 CPU 上运行，从而将用户秘密暴露给具有多个微架构侧通道的大型且复杂的攻击面。本文建议将一组安全应用程序划分到一个物理上独立的设备中，该设备是使用安全第一原则设计的。我们将此设备称为“值得信赖”。将安全应用程序放在单独的屏幕上可以帮助用户专注于安全交易，同时最大限度地减少攻击面并消除微架构侧通道。