Open Access (Posted Content)
Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture
TLDR
With SPROBES, a novel primitive that enables introspection of operating systems running on ARM TrustZone hardware, it is shown that it is possible to leverage the limited TrustZone extensions to limit conventional kernel execution to approved code comprehensively.
Abstract:
Many smartphones now deploy conventional operating systems, so the rootkit attacks so prevalent on desktop and server systems are now a threat to smartphones. While researchers have advocated using virtualization to detect and prevent attacks on operating systems (e.g., VM introspection and trusted virtual domains), virtualization is not practical on smartphone systems due to the lack of virtualization support and/or the expense of virtualization. Current smartphone processors do have hardware support for running a protected environment, such as the ARM TrustZone extensions, but such hardware does not control the operating system operations sufficiently to enable VM introspection. In particular, a conventional operating system running with TrustZone still retains full control of memory management, which a rootkit can use to prevent traps on sensitive instructions or memory accesses necessary for effective introspection. In this paper, we present SPROBES, a novel primitive that enables introspection of operating systems running on ARM TrustZone hardware. Using SPROBES, an introspection mechanism protected by TrustZone can instrument individual operating system instructions of its choice, receiving an unforgeable trap whenever any SPROBE is executed. The key challenge in designing SPROBES is preventing the rootkit from removing them, but we identify a set of five invariants whose enforcement is sufficient to restrict rootkits to execute only approved, SPROBE-injected kernel code. We implemented a proof-of-concept version of SPROBES for the ARM Fast Models emulator, demonstrating that in Linux kernel 2.6.38, only 12 SPROBES are sufficient to enforce all five of these invariants. With SPROBES we show that it is possible to leverage the limited TrustZone extensions to limit conventional kernel execution to approved code comprehensively.
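The abstract describes the mechanism only in outline: a sensitive kernel instruction is replaced by a trap into the secure world, the monitor checks the operation against its invariants and emulates it if allowed, and the kernel's own control of memory management is constrained so it cannot patch the trap back out. The toy model below is an added example written for this page; it is not the paper's code (which targets the ARM Fast Models emulator and Linux 2.6.38), and its two "invariants" (the MMU stays on, and the page-table base may only be switched to a table the monitor has approved) are assumptions chosen for illustration, not the paper's list of five. Instructions are plain structs rather than ARM encodings, the "secure world" is state that the normal-world functions never touch, and the sample kernel, the approved table address 0x1000 and the rogue address 0xdead0000 are constructed.

```c
/* Toy model of the SPROBES trap-and-emulate idea (added example, not the
 * paper's code). Instructions are structs rather than ARM encodings, and the
 * "secure world" is simply state that the normal-world functions never touch. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum op { OP_NOP, OP_SET_TTBR, OP_MMU_OFF, OP_STORE, OP_SMC, OP_HALT };
struct insn { enum op op; uint32_t arg; };
struct probe { int pc; struct insn orig; };

#define TEXT_LEN 8
#define MAX_APPROVED 4

struct machine {
    /* normal world: kernel text and the MMU state the kernel thinks it owns */
    struct insn text[TEXT_LEN];
    uint32_t ttbr;                 /* page-table base register */
    int mmu_on;
    int text_writable;             /* property of the active page tables */
    /* secure world: only install_sprobes() and monitor_trap() use these */
    struct probe probes[TEXT_LEN];
    int nprobes;
    uint32_t approved_ttbr[MAX_APPROVED]; /* tables that map text read-only */
    int napproved;
    int denied;                    /* sensitive instructions the monitor refused */
};

static int is_sensitive(enum op op) { return op == OP_SET_TTBR || op == OP_MMU_OFF; }

static int ttbr_approved(const struct machine *m, uint32_t ttbr) {
    for (int i = 0; i < m->napproved; i++)
        if (m->approved_ttbr[i] == ttbr) return 1;
    return 0;
}

/* Secure world: replace each sensitive instruction with a trap (SMC) and keep
 * the original in secure memory. Returns the number of probes installed. */
int install_sprobes(struct machine *m) {
    m->nprobes = 0;
    for (int pc = 0; pc < TEXT_LEN; pc++) {
        if (!is_sensitive(m->text[pc].op)) continue;
        m->probes[m->nprobes].pc = pc;
        m->probes[m->nprobes].orig = m->text[pc];
        m->nprobes++;
        m->text[pc].op = OP_SMC;   /* the kernel now sees only the trap */
        m->text[pc].arg = 0;
    }
    return m->nprobes;
}

/* Secure world: handle the trap at pc. Model invariants (assumed here, not the
 * paper's five): the MMU stays on, and the page-table base may only switch to
 * an approved table. An allowed instruction is emulated by the monitor; the
 * kernel never executes it itself. Returns 1 if emulated, 0 if denied. */
int monitor_trap(struct machine *m, int pc) {
    const struct probe *p = NULL;
    for (int i = 0; i < m->nprobes; i++)
        if (m->probes[i].pc == pc) { p = &m->probes[i]; break; }
    if (p != NULL && p->orig.op == OP_SET_TTBR && ttbr_approved(m, p->orig.arg)) {
        m->ttbr = p->orig.arg;
        m->text_writable = 0;      /* approved tables keep text read-only */
        return 1;
    }
    m->denied++;                   /* forged SMC, rogue table, or MMU off */
    return 0;
}

/* Normal world: a rootkit trying to patch the probe out of kernel text. While
 * an approved page table is active the text pages are read-only, so this fails. */
int normal_world_write_text(struct machine *m, int pc, struct insn v) {
    if (pc < 0 || pc >= TEXT_LEN || !m->text_writable) return 0;
    m->text[pc] = v;
    return 1;
}

/* Normal world: run the kernel until HALT. Ordinary instructions execute in
 * place; an SMC hands control to the monitor. The OP_SET_TTBR and OP_MMU_OFF
 * arms only run when no probe covers them, i.e. what an unprotected kernel does. */
int run_kernel(struct machine *m) {
    for (int pc = 0; pc < TEXT_LEN; pc++) {
        switch (m->text[pc].op) {
        case OP_HALT:     return pc;
        case OP_SMC:      monitor_trap(m, pc); break;
        case OP_SET_TTBR: m->ttbr = m->text[pc].arg;
                          m->text_writable = !ttbr_approved(m, m->ttbr); break;
        case OP_MMU_OFF:  m->mmu_on = 0; m->text_writable = 1; break;
        default:          break;   /* OP_NOP, OP_STORE: no modelled effect */
        }
    }
    return TEXT_LEN;
}

/* Constructed sample kernel: an approved page-table switch, a rogue one (a
 * table the rootkit built with writable text), then an attempt to turn the
 * MMU off. Only 0x1000 is on the monitor's approved list. */
void build_sample(struct machine *m) {
    static const struct insn prog[TEXT_LEN] = {
        { OP_NOP, 0 }, { OP_SET_TTBR, 0x1000 }, { OP_STORE, 0 },
        { OP_SET_TTBR, 0xdead0000 }, { OP_MMU_OFF, 0 }, { OP_HALT, 0 },
        { OP_NOP, 0 }, { OP_NOP, 0 },
    };
    memset(m, 0, sizeof *m);
    memcpy(m->text, prog, sizeof prog);
    m->mmu_on = 1;
    m->ttbr = 0x1000;
    m->approved_ttbr[0] = 0x1000;
    m->napproved = 1;
}

int main(void) {
    struct machine m;
    build_sample(&m);
    printf("probes installed: %d\n", install_sprobes(&m));
    run_kernel(&m);
    printf("ttbr=0x%x mmu_on=%d denied=%d\n", (unsigned)m.ttbr, m.mmu_on, m.denied);
    return 0;
}
```

Running the same sample kernel twice, once with probes installed and once without, shows the point of the design: with probes, the rogue page-table switch and the MMU-off are both refused by the monitor and the rootkit's attempt to overwrite the SMC at the probed location fails because the approved tables map text read-only; without probes, the kernel's unrestricted control of memory management lets both operations through and the text becomes writable. The real system must also close the paths this toy ignores (cache and TLB state, other privileged register writes, and the probe-placement analysis that found 12 sufficient sites in Linux 2.6.38), which is what the paper's five invariants cover.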
Citations
Proceedings Article (DOI)
Trusted Execution Environment: What It is, and What It is Not
TL;DR: A precise definition of TEE is proposed, related concepts such as trust and formal verification are discussed, and the wide use of TEEs to guarantee security in diverse applications is surveyed.
Proceedings Article (DOI)
Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World
Ahmed M. Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, Wenbo Shen +7 more
TL;DR: This paper presents the implementation and evaluation of TZ-RKP, which is currently deployed on the latest models of the Samsung Galaxy series smartphones and tablets; that deployment demonstrates that it is a practical real-world system.
Journal Article (DOI)
Smart Contract Privacy Protection Using AI in Cyber-Physical Systems: Tools, Techniques and Challenges
TL;DR: Various Artificial Intelligence (AI) techniques and tools for smart contract (SC) privacy protection are investigated, and a case study of retail marketing that uses AI and SCs to preserve security and privacy is presented.
Proceedings Article (DOI)
SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment
TL;DR: The design and implementation of SeCReT are presented to show how it protects the key in the REE; a security analysis was performed using a kernel rootkit, and the LMBench microbenchmark was run to evaluate the performance overhead imposed by SeCReT.
Proceedings Article (DOI)
SANCTUARY: ARMing TrustZone with User-space Enclaves
TL;DR: This work proposes SANCTUARY, the first security architecture that allows unconstrained use of TEEs in the TrustZone ecosystem without relying on virtualization, and leverages TrustZone's versatile Address Space Controller to enforce two-way hardware-level isolation.
References
Journal Article (DOI)
Xen and the art of virtualization
Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield +8 more
TL;DR: Xen is an x86 virtual machine monitor that allows multiple commodity operating systems to share conventional hardware in a safe and resource-managed fashion without sacrificing either performance or functionality, and it considerably outperforms competing commercial and freely available solutions.
Proceedings Article
A Virtual Machine Introspection Based Architecture for Intrusion Detection.
Tal Garfinkel, Mendel Rosenblum +1 more
TL;DR: This paper presents an architecture that retains the visibility of a host-based IDS, but pulls the IDS outside of the host for greater attack resistance, achieved through the use of a virtual machine monitor.
Proceedings Article (DOI)
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
TL;DR: A return-into-libc attack on x86 executables that calls no functions at all is presented, and a static-analysis method for discovering the instruction sequences such an attack needs is shown.
Proceedings Article (DOI)
When virtual is better than real [operating system relocation to virtual machines]
Peter M. Chen, Brian D. Noble +1 more
TL;DR: This paper argues that the operating system and applications currently running on a real machine should relocate into a virtual machine, and describes three services that take advantage of this structure: secure logging, intrusion prevention and detection, and environment migration.
Journal Article (DOI)
Virtual machine monitors: current technology and future trends
Mendel Rosenblum, Tal Garfinkel +1 more
TL;DR: The people and ideas behind this project underpinned VMware Inc., the original supplier of VMMs for commodity computing hardware, and the implications of having a VMM for commodity platforms intrigued both researchers and entrepreneurs.