Regulating ARM TrustZone devices in restricted spaces

MobiSys 2016 - Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services

Volumn , Issue , 2016, Pages 413-425

  Brasser, Ferdinand ^a   Kim, Daeyoung ^b   Liebchen, Christopher ^a   Ganapathy, Vinod ^b   Iftode, Liviu ^b   Sadeghi, Ahmad Reza ^a  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b RUTGERS UNIVERSITY   (United States)

Author keywords

ARM TrustZone; Mobile device security; Restricted spaces

Indexed keywords

MOBILE DEVICES;

ARM TRUSTZONE; MOBILE DEVICE SECURITY; PERSONAL DEVICES; REMOTE MEMORY; RESTRICTED SPACES; SENSITIVE INFORMATIONS; STRONG SECURITIES; TRUSTED COMPUTING BASE;

ARM PROCESSORS;

EID: 84979895566     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2906388.2906390     Document Type: Conference Paper

References (61)

1. Hex-rays software: About IDA. https://www.hex-rays.com/products/ida/index.shtml.
2. SSL Library ARM mbed TLS/PolarSSL. https://tls.mbed.org.
3. ARM security technology - Building a secure system using TrustZone technology, 2009. ARM Technical Whitepaper. http://infocenter.arm.com/help/topic/com.arm.doc. prd29-genc-009492c/PRD29-GENC-009492C-trustzone-security-whitepaper.pdf.
4. VMware news release -Verizon Wireless and VMware securely mix the professional and personal mobile experience with dual persona Android devices, October 2011. http://www.vmware.com/company/news/releases/vmw-vmworld-emea-verizon-joint-10-19-11.html.
5. N. Anderson and V. Strauss. Cheating concerns force delay in SAT scores for South Koreans and Chinese. In Washington Post, October 30, 2014.
6. J. Andrus, C. Dall, A. V. Hof, O. Laadan, and J. Nieh. Cells: A virtual mobile smartphone architecture. In ACM Symposium on Operating Systems Principles, 2011.
7. N. Asokan, J-E. Ekberg, K. Kostiainen, A. Rajan, C. Rozas, A.-R. Sadeghi, S. Schulz, and C. Wachsmann. Mobile trusted computing. Proceedings of the IEEE, 102(8), August 2014.
8. The InfiniBand Trade Association. The InfiniBandTM architecture specification. http://www.infinibandta.org.
9. A. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen. Hypervision across Worlds: Real-time kernel protection from the ARM TrustZone secure world. In ACM Conference on Computer and Communications Security, 2014.
10. A. Baliga, V. Ganapathy, and L. Iftode. Detecting kernel-level rootkits using data structure invariants. IEEE Transactions on Dependable and Secure Computing, 8(5), 2011.
11. A. Baliga, P. Kamat, and L. Iftode. Lurking in the shadows: Identifying systemic threats to kernel data. In IEEE Symposium on Security & Privacy, 2007.
12. A. Beresford, A. Rice, N. Skehin, and R. Sohan. MockDroid: Trading privacy for application functionality on smartphones. In ACM HotMobile, 2010.
13. Blackberry. Enterprise mobility management - Devices, Apps, Content. Productivity Protected. http://us.blackberry.com/enterprise/solutions/emm.html.
14. A. Bohra, I. Neamtiu, P. Gallard, F. Sultan, and L. Iftode. Remote repair of operating system state using backdoors. In International Conference on Autonomic Computing, 2004.
15. S. Bugiel, S. Hauser, and A.-R. Sadeghi. Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies. In USENIX Security Symposium, 2013.
16. M. Carbone, W. Cui, L. Lu, W. Lee, M. Peinado, and X. Jiang. Mapping kernel objects to enable systematic integrity checking. In ACM Conference on Computer and Communications Security, 2009.
17. J. Clark and P. C. van Oorschot. SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. In IEEE Symposium on Security & Privacy, 2013.
18. P. Colp, J. Zhang, J. Gleeson, S. Suneja, E. Lara, H. Raj, S. Saroiu, and A. Wolman. Protecting data on smartphones and tablets from memory attacks. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2015.
19. M.J. Covington, P. Fogla, Z. Zhan, and M. Ahamad. A context-aware security architecture for emerging applications. In Annual Computer Security Applications Conference, 2002.
20. L. P. Cox and P. M. Chen. Pocket hypervisors: Opportunities and challenges. In ACM HotMobile, 2007.
21. W. Cui, M. Peinado, Z. Xu, and E. Chan. Tracking rootkit footprints with a practical memory analysis system. In USENIX Security Symposium, 2012.
22. C. Dall and J. Nieh. KVM/ARM: The design and implementation of the Linux ARM hypervisor. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2014.
23. L. Davi, A. Dmitrienko, M. Egele, T. Fischer, T. Holz, R. Hund, S. Nurnberger, and A.-R. Sadeghi. MoCFI: Mitigating control-flow attacks on smartphones. In Network & Distributed Systems Security Symposium, 2012.
24. X. Ge, H. Vijayakumar, and T. Jaeger. SPROBES: Enforcing kernel code integrity on the TrustZone architecture. In IEEE Mobile Security Technologies Workshop, 2014.
25. Google. Using DDMS for debugging. http://developer.android.com/tools/debugging/ddms.html.
26. A. P. Heriyanto. Procedures and tools for acquisition and analysis of volatile memory on Android smartphones. In 11th Australian Digital Forensics Conference, 2013.
27. S. Heuser, A. Nadkarni, W. Enck, and A.-R. Sadeghi. ASM: A programmable interface for extending Android security. In USENIX Security Symposium, 2014.
28. O. S. Hofmann, A. M. Dunn, S. Kim, I. Roy, and E. Witchel. Ensuring operating system kernel integrity with OSck. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2011.
29. Mellanox Technologies Inc. Introduction to InfiniBand, September 2014. http://www.mellanox.com/blog/2014/09/introduction-to-infiniband.
30. S. Jana, D. Molnar, A. Moshchuk, A. Dunn, B. Livshits, H. J. Wang, and E. Ofek. Enabling fine-grained permissions for augmented reality applications with recognizers. In USENIX Security Symposium, 2013.
31. D. Jang, H. Lee, M. Kim, D. Kim, D. Kim, and B. Kang. ATRA: Address translation redirection attack against hardware-based external monitors. In ACM Conference on Computer and Communications Security, 2014.
32. K. Kostiainen, J. Ekberg, N. Asokan, and A. Rantala. On-board credentials with open provisioning. In ACM Symposium on Information, Computer and Communications Security, 2009.
33. W. Li, H. Li, H. Chen, and Y. Xia. AdAttester: Secure online advertisement attestation on mobile devices using TrustZone. In ACM MobiSys, 2015.
34. L. Litty, A. Lagar-Cavilla, and D. Lie. Hypervisor support to detect covertly executing binaries. In USENIX Security Symposium, 2008.
35. H. Liu, S. Saroiu, A. Wolman, and H. Raj. Software abstractions for trusted sensors. In ACM MobiSys, 2012.
36. M. McGee. New website tracks "Glasshole-Free Zones," businesses that have banned Google Glass. In Glass Alamanac (http://glassalmanac.com), March 2014.
37. Microsoft. Microsoft Intune: Simplify management of apps and devices. https://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/.
38. M. Miettinen, S. Heuser, W. Kronz, A.-R. Sadeghi, and N. Asokan. ConXsense - Context profiling and classification for context-aware access control. In ACM Symposium on Information, Computer and Communications Security, 2014.
39. A. Migicovsky, Z. Durumeric, J. Ringenberg, and J. Alex Halderman. Outsmarting proctors with smartwatches: A case study on wearable computing security. In International Conference on Financial Cryptography and Data Security, 2014.
40. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically-rich application-centric security in Android. In Annual Computer Security Applications Conference, 2009.
41. S. Patel, J. Summet, and K. Truong. Blindspot: Creating capture-resistant spaces. In Protecting Privacy in Video Surveillance, 2009.
42. N. Petroni, T. Fraser, A.Walters, and W. A. Arbaugh. An architecture for specification-based detection of semantic integrity violations in kernel dynamic data. In USENIX Security Symposium, 2006.
43. N. Petroni and M. Hicks. Automated detection of persistent kernel control-flow attacks. In ACM Conference on Computer and Communications Security, 2007.
44. N. L. Petroni, T. Fraser, J. Molina, and W. A. Arbaugh. Copilot: A coprocessor-based kernel runtime integrity monitor. In USENIX Security Symposium, 2004.
45. H. Raj, S. Saroiu, A. Wolman, R. Aigner, J. Cox, P. England, C. Fenner, K. Kinshumann, J. Loeser, D. Mattoon, M. Nystrom, D. Robinson, R. Spiger, S. Thom, and D. Wooten. fTPM: A firmware-based TPM 2.0 implementation, November 2015. Microsoft Research Technical Report 2015-84.
46. H. Raj, S. Saroiu, A. Wolman, and J. Padhye. Splitting the bill for mobile data with SIMlets. In ACM HotMobile, 2013.
47. N. Raval, A. Srivastava, K. Lebeck, L. P. Cox, and A. Machanavajjhala. MarkIt: Privacy markers for protecting visual secrets. In ACM International Joint Conference on Pervasive and Ubiquitous Computing UPSIDE Workshop, 2014.
48. F. Roesner, D. Molnar, A. Moshchuk, T. Kohno, and H. J. Wang. World-driven access control for continuous sensing. In ACM Conference on Computer and Communications Security, 2014.
49. A.-R. Sadeghi, C. Stuble, and M. Winandy. Property-based TPM virtualization. In Information Security Conference, 2008.
50. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In USENIX Security Symposium, 2004.
51. Samsung. KNOX workspace supported MDMs. https://www.samsungknox.com/en/products/knox-workspace/technical/knox-mdm-feature-list.
52. N. Santos, H. Raj, S. Saroiu, and A. Wolman. Using ARM TrustZone to build a Trusted Language Runtime for mobile applications. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2014.
53. A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In ACM Symposium on Operating Systems Principles, 2007.
54. S. Smalley and R. Craig. Security enhanced Android: Bringing flexible MAC to Android. In Network & Distributed Systems Security Symposium, 2013.
55. U. Steinberg and B. Kauer. NOVA: A microhypervisor-based secure virtualization architecture. In European Symposium on Computer Systems, 2010.
56. A. Stevenson. Boot into recovery mode for rooted and un-rooted Android devices. http://androidflagship.com/605-enter-recovery-mode-rooted-un-rooted-android.
57. H. Sun, K. Sun, Y. Wang, J. Jing, and S. Jajodia. TrustDump: Reliable memory acquisition on smartphones. In European Symposium on Research in Computer Security, 2014.
58. M. M. Swift, M. Annamalai, B. N. Bershad, and H. N. Levy. Recovering device drivers. ACM Transactions on Computer Systems, 24(4), 2006.
59. J. Sylve, A. Case, L. Marziale, and G. G. Richard. Acquisition and analysis of volatile memory from Android smartphones. Digital Investigation, 8(3-4), 2012.
60. X. Wang, K. Sun, Y. Wang, and J. Jing. DeepDroid: Dyanmically enforcing enterprise policy on Android device. In Network & Distributed Systems Security Symposium, 2015.
61. N. Zhang, H. Sun, K. Sun, W. Lou, and Y. T. Hou. CacheKit: Evading memory introspection using cache incoherence. In IEEE European Symposium on Security and Privacy, 2016.