Hypervision across worlds: Real-time kernel protection from the ARM trustzone secure world

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2014, Pages 90-102

  Azab, Ahmed M ^a   Ning, Peng ^a,b   Shah, Jitesh ^a   Chen, Quan ^b   Bhutkar, Rohan ^a   Ganesh, Guruprasad ^a   Ma, Jia ^a   Shen, Wenbo ^b  

^a SAMSUNG RESEARCH AMERICA   (United States)

^b North Carolina State University   (United States)

Author keywords

ARM TrustZone; Integrity monitoring; Kernel protection

Indexed keywords

ARM PROCESSORS; SMARTPHONES;

ARM TRUSTZONE; INTEGRITY MONITORING; KERNEL PROTECTION; REAL-TIME PROTECTION; SECURITY CHALLENGES; SECURITY MONITORS; SECURITY SERVICES; TRUSTED COMPUTING BASE; REAL-WORLD SYSTEM;

FUNCTION EVALUATION;

EID: 84910673981     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2660267.2660350     Document Type: Conference Paper

References (58)

1. Android rooting method: Motochopper. http://hexamob.com/how-to-root/motochopper-method.
2. CVE-2007-4993: Xen guest root can escape to domain 0 through pygrub. https://bugzilla.redhat.com/show-bug.cgi?id=CVE-2007-4993.
3. CVE-2008-2100: VMware buffer overflows in VIX API let local users execute arbitrary code. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100.
4. CVE-2013-6432. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6432.
5. How to root my Android device using vRoot. http://http://androidxda.com/download-vroot.
6. Vulnerability in xenserver could result in privilege escalation and arbitrary code execution. http://support.citrix.com/article/CTX118766.
7. Xbox 360 hypervisor privilege escalation vulnerability. http://www.securityfocus.com/archive/1/461489.
8. Advanced Micro Devices. AMD64 architecture programmer's manual: Volume 2: System programming, September 2007.
9. ARM Ltd. TrustZone. http://www.arm.com/products/processors/technologies/trustzone.php.
10. ARM Ltd. ARM Architecture Reference Manual. ARMv7-A and ARMv7-R edition, 2012.
11. A. M. Azab and P. Ning. Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices, Feb. 6 2014. WO Patent App. PCT/US2013/000,074.
12. A. M. Azab, P. Ning, E. C. Sezer, and X. Zhang. HIMA: A hypervisor-based integrity measurement agent. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC '09), pages 193-206, 2009.
13. A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky. HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10), pages 38-49, 2010.
14. A. Baliga, V. Ganapathy, and L. Iftode. Automatic inference and enforcement of kernel data structure invariants. In Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC '08), pages 77-86, 2008.
15. J. Bickford, R. O'Hare, A. Baliga, V. Ganapathy, and L. Iftode. Rootkits on smart phones: Attacks, implications and opportunities. In Proceedings of the Eleventh Workshop on Mobile Computing Systems and Applications (HotMobile '10), pages 49-54, 2010.
16. E. Buchanan, E. Roemer, H. Shacham, and S. Savage. When good instructions go bad: generalizing return-oriented programming to RISC. In Proceedings of the 15th ACM conference on Computer and communications security (CCS '08), pages 27-38, 2008.
17. Y. Cheng, Z. Zhou, M. Yu, X. Ding, and R. H. Deng. ROPecker: A generic and practical approach for defending against ROP attacks. In Proceedings of the 21th Annual Network and Distributed System Security Symposium (NDSS '14), 2014.
18. S. Chhabra, B. Rogers, Y. Solihin, and M. Prvulovic. SecureME: a hardware-software approach to full system security. In Proceedings of the international conference on Supercomputing (ICS '11), pages 108-119, 2011.
19. J. Criswell, N. Dautenhahn, and V. Adve. KCoFI: Complete control-flow integrity for commodity operating system kernels. In Proceedings of the 35th IEEE Symposium on Security and Privacy, 2014.
20. J. Criswell, A. Lenharth, D. Dhurjati, and V. Adve. Secure virtual architecture: a safe execution environment for commodity operating systems. In Proceedings of the 21st ACM SIGOPS symposium on Operating systems principles (SOSP '07), pages 351-366, 2007.
21. L. Davi, A. Dmitrienko, M. Egele, T. Fischer, T. Holz, R. Hund, S. Nürnberger, and A.-R. Sadeghi. Mocfi: A framework to mitigate control-flow attacks on smartphones. In Proceedings of the 19th Symposium on Network and Distributed System Security (NDSS'12), 2012.
22. F. M. David, E. M. Chan, J. C. Carlyle, and R. H. Campbell. Cloaker: Hardware supported rootkit concealment. In Proceedings of the 29th IEEE Symposium on Security and Privacy. IEEE, 2008.
23. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machine-based platform for trusted computing. In Proceedings of the 19th ACM symposium on Operating systems principles (SOSP '03), pages 193-206, 2003.
24. T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proceedings of the 10th Network and Distributed Systems Security Symposium (NDSS '03), pages 191-206, 2003.
25. X. Ge, H. Vijayakumar, and T. Jaeger. SPROBES: Enforcing kernel code integrity on the trustzone architecture. In Proceedings of the 2014 Mobile Security Technologies (MoST) workshop, 2014.
26. E. Göktas, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control Overcoming control-flow integrity. In Proceedings of the 35th IEEE Symposium on Security and Privacy, 2014.
27. G. Hotz. towelroot. https://towelroot.com/.
28. R. Hund, T. Holz, and F. C. Freiling. Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms. In Proceedings of the 18th USENIX Security Symposium, 2009.
29. Intel Corporation. Trusted eXecution Technology preliminary architecture specification and enabling considerations, 2006.
30. X. Jiang, X. Wang, and D. Xu. Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction. In Proceedings of the 14th ACM conference on Computer and communications security (CCS '07), pages 128-138, 2007.
31. S. T. Jones, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau. Antfarm: tracking processes in a virtual machine environment. In Proceedings of the annual conference on USENIX '06 Annual Technical Conference (ATEC '06), pages 1-1, 2006.
32. V. P. Kemerlis, G. Portokalidis, and A. D. Keromytis. kGuard: Lightweight kernel protection against return-to-user attacks. In Proceedings of the 21st USENIX Security Symposium, 2012.
33. C. Kil, E. C. Sezer, A. M. Azab, P. Ning, and X. Zhang. Remote attestation to dynamic system properties: Towards providing complete system integrity evidence. In Proceedings of the 39th International Conference on Dependable Systems and Networks (DSN'09), 2009.
34. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. sel4: formal verification of an OS kernel. In Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles (SOSP '09), pages 207-220, 2009.
35. K. Kourai and S. Chiba. Hyperspector: virtual distributed monitoring environments for secure intrusion detection. In Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments (VEE '05), pages 197-207, 2005.
36. M. Lange, S. Liebergeld, A. Lackorzynski, A. Warg, and M. Peter. L4android: A generic operating system framework for secure smartphones. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM '11), 2011.
37. A. Lineberry. Malicious code injection via /dev/mem. Black Hat Europe, 2009.
38. L. Litty, H. A. Lagar-Cavilla, and D. Lie. Hypervisor support for identifying covertly executing binaries. In Proceedings of the 17th USENIX Security Symposium, pages 243-258, 2008.
39. Z. Liu, J. Lee, J. Zeng, Y. Wen, Z. Lin, and W. Shi. Cpu transparent protection of os kernel and hypervisor integrity with programmable dram. In Proceedings of the 40th Annual International Symposium on Computer Architecture (ISCA '13), 2013.
40. J. McCune, Y. Li, N. Qu, A. Datta, V. Gligor, and A. Perrig. Efficient TCB reduction and attestation. In the 31st IEEE Symposium on Security and Privacy, May 2010.
41. J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. Flicker: an execution infrastructure for TCB minimization. In Proceedings of the ACM European Conference on Computer Systems (EuroSys), 2008.
42. H. Moon, H. Lee, J. Lee, K. Kim, Y. Paek, and B. B. Kang. Vigilare: Toward snoop-based kernel integrity monitor. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12), 2012.
43. B. D. Payne, M. Carbone, M. Sharif, and W. Lee. Lares: An architecture for secure active monitoring using virtualization. In Proceedings of the 29th IEEE Symposium on Security and Privacy, pages 233-247, 2008.
44. N. L. Petroni Jr. and M. Hicks. Automated detection of persistent kernel control-flow attacks. In Proceedings of the 14th ACM conference on Computer and communications security (CCS '07), pages 103-115, 2007.
45. J. Rhee, R. Riley, D. Xu, and X. Jiang. Defeating dynamic data kernel rootkit attacks via VMM-based guest-transparent monitoring. In Proceedings of the International Conference on Availability, Reliability and Security (ARES '09), pages 74-81, 2009.
46. D. Rosenberg. QSEE TrustZone kernel integer over flow vulnerability. In Black Hat conference, 2014.
47. Samsung. White paper: An overview of Samsung KNOX, 2013.
48. Secunia. Vulnerability report: VMware ESX server 3.x. http://secunia.com/advisories/product/10757/.
49. Secunia. Xen multiple vulnerability report. http://secunia.com/advisories/44502/.
50. A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles (SOSP '07), pages 335-350, 2007.
51. H. Shacham. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and Communications Security (CCS '07), pages 552-561, 2007.
52. M. Sharif, W. Lee, W. Cui, and A. Lanzi. Secure in-vm monitoring using hardware virtualization. In Proceedings of the 16th ACM conference on Computer and communications security (CCS '09), pages 477-487, 2009.
53. U. Steinberg and B. Kauer. NOVA: a microhypervisor-based secure virtualization architecture. In Proceedings of the 5th European conference on Computer systems (EuroSys'10), pages 209-222. ACM, 2010.
54. S. Vogl, J. Pfoh, T. Kittel, and C. Eckert. Persistent data-only malware: Function hooks without code. In Proceedings of the 21th Annual Network and Distributed System Security Symposium (NDSS'14), 2014.
55. J. Wang, A. Stavrou, and A. K. Ghosh. HyperCheck: A hardware-assisted integrity monitor. In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID'10), September 2010.
56. R. Wojtczuk and J. Rutkowska. Xen 0wning trilogy. In Black Hat conference, 2008.
57. C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres, S. McCamant, D. Song, and W. Zou. Practical control flow integrity and randomization for binary executables. In Proceedings of the 34th IEEE Symposium on Security and Privacy, 2013.
58. V. Zimmer and Y. Rasheed. Hypervisor runtime integrity support. US Patent 20090164770, June 2009.