Regulating ARM Trust Zone Devices in Restricted Spaces

  • Slides: 18
Download presentation
Regulating ARM Trust. Zone Devices in Restricted Spaces Ferdinand Brasser, Christopher Liebchen, Ahmad-Reza Sadeghi

Regulating ARM Trust. Zone Devices in Restricted Spaces Ferdinand Brasser, Christopher Liebchen, Ahmad-Reza Sadeghi Vinod Ganapathy, Liviu Iftode, Daeyoung Kim Technische Universität Darmstadt Rutgers University

2

2

Practical and Proof-Of-Concept Attacks are published 3

Practical and Proof-Of-Concept Attacks are published 3

Current Solution: Not really exciting! 4

Current Solution: Not really exciting! 4

Restricted Spaces Host needs guarantee that guest devices respect the policies A host wants

Restricted Spaces Host needs guarantee that guest devices respect the policies A host wants to define policies for smart devices of guests The guest can verify that the policies are Public notspace malicious ✘ ✘ Restricted space 5

Adversary and Trust Model • Hosts and guests are mutually-distrusting • Malicious user •

Adversary and Trust Model • Hosts and guests are mutually-distrusting • Malicious user • Malicious sensors • Malicious host (policies) • Trusted hardware module • ARM Trust. Zone 6

Phase 1 a: Check-in (Memory Examination) Vetting service Mutual Authentication Request Memory Content Forward

Phase 1 a: Check-in (Memory Examination) Vetting service Mutual Authentication Request Memory Content Forward Request Memory ✔ or ✘ Send (Kernel) Memory Image Restricted space 7

Phase 1 b: Check-in (Policy Enforcement) ✘ ✘ Vetting service Request Memory Changes Forward

Phase 1 b: Check-in (Policy Enforcement) ✘ ✘ Vetting service Request Memory Changes Forward Memory Changes ✔ or ✘ Apply Changes Restricted space 8

Phase 2: Policy Enforcement Verification Vetting service ✘ ✘ Restricted space 9

Phase 2: Policy Enforcement Verification Vetting service ✘ ✘ Restricted space 9

Phase 2: Policy Enforecmant Verification ✘ ✘ Request proof of policy compliance Verification Token

Phase 2: Policy Enforecmant Verification ✘ ✘ Request proof of policy compliance Verification Token t Request proof of policy compliance Verification Token Restricted space 10

Phase 3: 2: Check-out Policy Enforcement Verification ✘ ✘ Request proof of policy compliance

Phase 3: 2: Check-out Policy Enforcement Verification ✘ ✘ Request proof of policy compliance Verification Token Request proof of policy compliance ✘ ✘ t Verification Token Public space Restricted space 11

Phase 3: Check-out Revert Changes Public space ✘ ✘ Restricted space 12

Phase 3: Check-out Revert Changes Public space ✘ ✘ Restricted space 12

Implementation

Implementation

ARM Trust. Zone (TZ) Normal World A p p Secure World A CPU p

ARM Trust. Zone (TZ) Normal World A p p Secure World A CPU p Kernel p Library Memory Camera Microphone Wi. Fi 14

Analysis of Guest Kernel Memory App RS-App TZ Kernel Image HMAC Cam-Drv Wi. Fi-Drv

Analysis of Guest Kernel Memory App RS-App TZ Kernel Image HMAC Cam-Drv Wi. Fi-Drv Drv-N Kernel Space copy Based on prior work; see paper for details. 15

Enforcing Host Policies App RS-App TZ HMAC Cam-Drv Null-Drv Wi. Fi-Drv Drv-N Kernel Space

Enforcing Host Policies App RS-App TZ HMAC Cam-Drv Null-Drv Wi. Fi-Drv Drv-N Kernel Space copy PEE Kernel Image Null PEE: Policy Enforcement Engine 16

Evaluation • Robustness Evaluation • Samsung Galaxy Nexus • Android 4. 3 • Performance

Evaluation • Robustness Evaluation • Samsung Galaxy Nexus • Android 4. 3 • Performance Evaluation • i. MX. 53 • Android 2. 3. 4 All Apps either failed gracefully or continued to work Copy <1 s HMAC 54 sec • Trusted Computing Base • 3. 5 k. LOC: Crypto (SHA 1/HMAC/RSA/X 509) • 4. 0 k. LOC: Environment 17

Take Away & Future Research • Systematic regulation of device capabilities in restricted spaces

Take Away & Future Research • Systematic regulation of device capabilities in restricted spaces • Balance between security and privacy • Improve performance of implementation • Use hardware accelerators, multi-core systems support, etc. • Automated kernel image analysis tool • Identify relevant drivers, generation of dummy drivers • How can other humans know that policy is enforced? [Mirzamohammadi, Mobisys’ 16] 18

Angles angles arm vertex arm arm arm exteriorAngles angles arm vertex arm arm arm exterior
POLAR ZONE TEMPERATE ZONE TROPICAL ZONE TEMPERATE ZONEPOLAR ZONE TEMPERATE ZONE TROPICAL ZONE TEMPERATE ZONE
AT 91 ARM 7 ARM 9 MICROCONTROLLERS ARMAT 91 ARM 7 ARM 9 MICROCONTROLLERS ARM
ARM 1 ARM ARM Software Development Toolkit httpARM 1 ARM ARM Software Development Toolkit http
ARM architecture Advanced RISC Machine ARM registers ARMARM architecture Advanced RISC Machine ARM registers ARM
UnitI Advanced Processors ARM 7 ARM 9 ARMUnitI Advanced Processors ARM 7 ARM 9 ARM
ARM ARMAdvanced RISC Machines ARM 32RISCIP 10 ARMARM ARMAdvanced RISC Machines ARM 32RISCIP 10 ARM
UnitI Advanced Processors ARM 7 ARM 9 ARMUnitI Advanced Processors ARM 7 ARM 9 ARM
UnitI Advanced Processors ARM 7 ARM 9 ARMUnitI Advanced Processors ARM 7 ARM 9 ARM
Web Cryptography Utilizing ARM Trust Zone based TEEWeb Cryptography Utilizing ARM Trust Zone based TEE
Android Security Through ARM Trust Zone Emulation SeniorAndroid Security Through ARM Trust Zone Emulation Senior
Zone Defense Amoeba A matchup zone Why ZoneZone Defense Amoeba A matchup zone Why Zone
Zone Fredde Le Zone Fredde Nelle zone freddeZone Fredde Le Zone Fredde Nelle zone fredde
Zone Fredde Le Zone Fredde Nelle zone freddeZone Fredde Le Zone Fredde Nelle zone fredde
zone 1 zone 2 zone 3 Ocean Basezone 1 zone 2 zone 3 Ocean Base
Restricted mean survival time RMST 4 RMSTRMTL RestrictedRestricted mean survival time RMST 4 RMSTRMTL Restricted
RESTRICTED VISIBILITY NAVIGATION Collision Avoidance In Restricted VisibilityRESTRICTED VISIBILITY NAVIGATION Collision Avoidance In Restricted Visibility