CaSE: Cache-Assisted Secure Execution on ARM Processors
Frequently Asked Questions (15)
Q2. What is the key enabler of ARM architecture?
ARM architecture offers the ability to lock down cache entries so that system developers can optimize the cache performance on embedded devices.
Q3. Why are the cache lines filled with the ciphertext used to store the decrypted text?
Due to the close locality between the ciphertext and plaintext, the cache lines that were filled with the encrypted text will be used by the processor to store the decrypted text.
Q4. Why is the security of memory provided by CaSE so important?
Due to the lack of hardware support for automatic encryption/decryption like Intel SGX [20], the cryptographic protection for memory has to be provided by CaSE.
Q5. How does the application run in the secure world?
After being decrypted completely within the secure cache, the application will run in the secure world until it finishes and sends the results to the normal world.
Q6. Why do the authors use the cache invalidation method?
The authors choose to use the cache invalidation method because it can be used to verify that no sensitive context information is leaked to the memory.
Q7. Why can't the attacker modify the value in the DRAM circuit?
Since a cold boot attack physically removes the DRAM chip from the system, the authors assume it will be too difficult for the attacker to modify the value in the DRAM circuit without interrupting the operation of the system.
Q8. Why are memory encryption and decryption triggered by the software?
Due to the lack of a hardware-supported enclave such as Intel SGX [20], memory encryption and decryption will be triggered by the software.
Q9. What is the purpose of the page fault handling routine?
In order to provide seamless support for memory paging into and out of the SoC boundary, the page fault handling routine has to be interposed.
Q10. How do the authors solve the problem of memory writes in ARM?
The authors solve this problem by redirecting memory writes to the second-level unified cache, where the cache lines are used for both instructions and data.
Q11. How long does the kernel check take to complete?
The entire kernel check takes 0.02 second to complete, and the application context saving time is 94 μs. On CaSE secure application performance: using the crypto library as a case study for the CaSE secure execution mode, the authors measure the benchmarks for a secure cache execution similar to the normal cache execution.
Q12. What is the security configuration register in the CP15 coprocessor?
The security configuration register (SCR) in the CP15 coprocessor is one of the registers that can only be accessed while the processor is in the secure world.
Q13. Why does the rich OS attempt to use cache maintenance instructions to evict the secure cache?
Because of this design choice, the rich OS may also attempt to use cache maintenance instructions to evict the secure cache out to DRAM, and then use a cold boot attack to read out the DRAM contents.
Q14. What is the way to protect the normal cache from a compromised rich OS?
Since the normal cache can be read, flushed or invalidated by the rich OS, it seems difficult, if not impossible, to protect the normal cache from a compromised rich OS.
Q15. How does the CaSE controller load the encrypted application in the secure cache?
When a request to run a secure application is received, the CaSE controller loads the encrypted application in the secure cache.