Hardware-assisted on-demand hypervisor activation for efficient security critical code execution on mobile devices

Proceedings of the 2016 USENIX Annual Technical Conference, USENIX ATC 2016

Volumn , Issue , 2016, Pages 565-578

  Cho, Yeongpil ^a   Shin, Junbum ^b   Kwon, Donghyun ^a   Ham, Myungjoo ^b   Kim, Yuna ^b   Paek, Yunheung ^a  

^a Seoul National University   (South Korea)

^b SAMSUNG Electronics   (South Korea)

Author keywords

[No Author keywords available]

Indexed keywords

CHEMICAL ACTIVATION; HARDWARE SECURITY; SAFE HANDLING;

HARDWARE-ASSISTED; INFORMATION HANDLING; MEMORY PROTECTION; MOBILE APPLICATIONS; RESOURCE RESTRICTIONS; SECURE TRANSACTIONS; SECURITY-CRITICAL CODES; TRUSTED EXECUTION ENVIRONMENTS;

MOBILE SECURITY;

EID: 85026657375     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (62)

1. Performance Measurement on ARM. http: //www.pengutronix.de/development/kernel/ arm-benchmarks-20100729-en.html.
2. ALVES, T., AND FELTON, D. Trustzone: Integrated hardware and software security. ARM white paper (2004).
3. ARM. System memory management unit (smmu). http: //www.arm.com/products/system-ip/controllers/ system-mmu.php.
4. ARM. Primecell infrastructure amba3 trustzone memory adapter (bp141). In ARM DTO 0017A (2004).
5. ARM. Primecell infrastructure amba3 trustzone protection controller (bp147). In ARM DTO 0015A (2004).
6. ARM. Architecture reference manual armv7-a and armv7-r edition. In DDI 0406C (2009).
7. ARM. Trustzone address space controller (tzc-380). In ARM DDI 0431B (2010).
8. ARM. Generic interrupt controller architecture version 2.0. In ARM IHI 0048B (2013).
9. AZAB, A. M., NING, P., SHAH, J., CHEN, Q., BHUTKAR, R., GANESH, G., MA, J., AND SHEN, W. Hypervision across worlds: Real-time kernel protection from the arm trustzone secure world. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014).
10. AZAB, A. M., NING, P., AND ZHANG, X. Sice: a hardwarelevel strongly isolated computing environment for x86 multi-core platforms. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS) (2011).
11. BAUMANN, A., PEINADO, M., AND HUNT, G. Shielding applications from an untrusted cloud with haven. In Proceedings of 11th USENIX Symposium on Operating Systems Design and Implementation (2014).
12. BHARGAVA, R., SEREBRIN, B., SPADINI, F., AND MANNE, S. Accelerating two-dimensional page walks for virtualized systems. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems (2008).
13. BICKFORD, J., O'HARE, R., BALIGA, A., GANAPATHY, V., AND IFTODE, L. Rootkits on smart phones: attacks, implications and opportunities. In Proceedings of the eleventh workshop on mobile computing systems & applications (2010).
14. BRUMLEY, D., AND SONG, D. Privtrans: Automatically partitioning programs for privilege separation. In USENIX Security Symposium (2004).
15. CHAMPAGNE, D., AND LEE, R. B. Scalable architectural support for trusted software. In High Performance Computer Architecture (HPCA), 2010 IEEE 16th International Symposium on (2010).
16. CHECKOWAY, S., AND SHACHAM, H. Iago attacks: why the system call api is a bad untrusted rpc interface. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2013).
17. CHEN, X., GARFINKEL, T., LEWIS, E. C., SUBRAHMANYAM, P., WALDSPURGER, C. A., BONEH, D., DWOSKIN, J., AND PORTS, D. R. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems (2008).
18. CHENG, Y., DING, X., AND DENG, R. Appshield: Protecting applications against untrusted operating system. Singaport Management University Technical Report, SMU-SIS-13 (2013).
19. CHHABRA, S., ROGERS, B., SOLIHIN, Y., AND PRVULOVIC, M. Secureme: a hardware-software approach to full system security. In Proceedings of the international conference on Supercomputing (2011).
20. COLP, P. J., ZHANG, J., GLEESON, J., SUNEJA, S., DE LARA, E., RAJ, H., SAROIU, S., AND WOLMAN, A. Protecting data on smartphones and tablets from memory attacks. In Proceedings of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2015).
21. DALL, C., AND NIEH, J. Kvm/arm: The design and implementation of the linux arm hypervisor. In Proceedings of the 19th international conference on Architectural support for programming languages and operating systems (ASPLOS) (2014).
22. DAVID, F. M., CARLYLE, J. C., AND CAMPBELL, R. H. Context switch overheads for linux on arm platforms. In Proceedings of the 2007Workshop on Experimental Computer Science (2007).
23. DEVRIENT, G. Mobicore. http://www. gi-de.com/en/trends-and-insights/mobicore/ trusted-mobile-services.jsp.
24. GARFINKEL, T., PFAFF, B., CHOW, J., ROSENBLUM, M., AND BONEH, D. Terra: A virtual machine-based platform for trusted computing. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (2003).
25. GE, X., VIJAYAKUMAR, H., AND JAEGER, T. Sprobes: Enforcing kernel code integrity on the trustzone architecture.
26. HALDERMAN, J. A., SCHOEN, S. D., HENINGER, N., CLARKSON, W., PAUL, W., CALANDRINO, J. A., FELDMAN, A. J., APPELBAUM, J., AND FELTEN, E. W. Lest we remember: Cold boot attacks on encryption keys. In Proceedings of the 17th Conference on Security Symposium (2008).
27. HARDKERNEL. Odroid. http://www.hardkernel.com.
28. HOFMANN, O. S., KIM, S., DUNN, A. M., LEE, M. Z., AND WITCHEL, E. Inktag: Secure applications on an untrusted operating system. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2013).
29. INC, A. Secure virtual machine architecture reference manual, 2005.
30. INTEL. Software guard extensions programming reference.
31. LABS, M. Threats report. http://www.mcafee.com/us/ resources/reports/rp-quarterly-threat-q1-2015. pdf, 2015.
32. LI, W., MA, M., HAN, J., XIA, Y., ZANG, B., CHU, C.-K., AND LI, T. Building trusted path on untrusted device drivers for mobile devices. In Proceedings of 5th Asia-Pacific Workshop on Systems (2014).
33. LI, Y., MCCUNE, J., NEWSOME, J., PERRIG, A., BAKER, B., AND DREWRY, W. Minibox: A two-way sandbox for x86 native code. In 2014 USENIX Annual Technical Conference (ATC) (2014).
34. LIE, D., THEKKATH, C. A., AND HOROWITZ, M. Implementing an untrusted operating system on trusted hardware. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (2003).
35. LOWELL, D. E., SAITO, Y., AND SAMBERG, E. J. Devirtualizable virtual machines enabling general, single-node, online maintenance. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (2004).
36. MCCUNE, J. M., LI, Y., QU, N., ZHOU, Z., DATTA, A., GLIGOR, V., AND PERRIG, A. Trustvisor: Efficient tcb reduction and attestation. In Proceedings of the IEEE Symposium on Security and Privacy (2010).
37. MCCUNE, J. M., PARNO, B., PERRIG, A., REITER, M. K., AND ISOZAKI, H. Flicker: An execution infrastructure for TCB minimization. In Proceedings of the ACM European Conference in Computer Systems (2008).
38. MISRA, S. C., AND BHAVSAR, V. C. Relationships between selected software measures and latent bug-density: Guidelines for improving quality. In Computational Science and Its ApplicationsICCSA 2003. 2003.
39. NEIGER, G., SANTONI, A., LEUNG, F., RODGERS, D., AND UHLIG, R. Intel virtualization technology: Hardware support for efficient processor virtualization. Intel Technology Journal (2006).
40. NORDHOLZ, J., VETTER, J., PETER, M., JUNKERPETSCHICK, M., AND DANISEVSKIS, J. Xnpro: Low-impact hypervisor-based execution prevention on arm. In Proceedings of the 5th International Workshop on Trustworthy Embedded Devices (2015).
41. OMOTE, Y., SHINAGAWA, T., AND KATO, K. Improving agility and elasticity in bare-metal clouds. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems (2015).
42. RAVI, S., ULHAS, W., AND PRASHANT, D. Dynamic software application protection. Intel Technology Journal (2009).
43. REN, J., QI, Y., DAI, Y., WANG, X., AND SHI, Y. Appsec: A safe execution environment for security sensitive applications. In Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (2015).
44. SANTOS, N., RAJ, H., SAROIU, S., AND WOLMAN, A. Trusted language runtime (tlr): enabling trusted applications on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (2011).
45. SANTOS, N., RAJ, H., SAROIU, S., AND WOLMAN, A. Using arm trustzone to build a trusted language runtime for mobile applications. In Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2014).
46. SCHUSTER, F., COSTA, M., FOURNET, C., GKANTSIDIS, C., PEINADO, M., MAINAR-RUIZ, G., AND RUSSINOVICH, M. Vc3: Trustworthy data analytics in the cloud using sgx. In Security and Privacy (SP), 2015 IEEE Symposium on (2015).
47. SESHADRI, A., LUK, M., QU, N., AND PERRIG, A. Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles (2007).
48. SIERRAWARE. Open virtualization - arm trustzone and arm hypervisor open source software. http://www.sierraware.com.
49. SOLUTIONS, E. Analysis tools for ddr1, ddr2, ddr3, embedded ddr and fully buffered dimm modules. http://www. epnsolutions.net/ddr.html, 2014.
50. SUH, G. E., CLARKE, D., GASSEND, B., VAN DIJK, M., AND DEVADAS, S. Aegis: architecture for tamper-evident and tamperresistant processing. In Proceedings of the 17th annual international conference on Supercomputing (2003).
51. SUN, H., SUN, K., WANG, Y., AND JING, J. Trustotp: Transforming smartphones into secure one-time password tokens. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015).
52. SUN, H., SUN, K., WANG, Y., JING, J., AND WANG, H. Trustice: Hardware-assisted isolated computing environments on mobile devices. In Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on (2015).
53. SUN, K., WANG, J., ZHANG, F., AND STAVROU, A. Secureswitch: Bios-assisted isolation and switch between trusted and untrusted commodity oses. In Network and Distributed System Security Symposium (NDSS) (2012).
54. SYSTEM, F. Ddr2 800 bus analysis probe. http://www. futureplus.com/download/datasheet/fs2334-ds.pdf, 2006.
55. TA-MIN, R., LITTY, L., AND LIE, D. Splitting interfaces: Making trust between applications and operating systems configurable. In Proceedings of the 7th symposium on Operating systems design and implementation (OSDI) (2006).
56. UNIFIED, E. Inc. unified extensible firmware interface specification, 2014.
57. WHEELER, D. A. Sloccount. http://www.dwheeler.com/ sloccount, 2001.
58. YANG, J., AND SHIN, K. G. Using hypervisor to provide data secrecy for user applications on a per-page basis. In Proceedings of the 4th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE) (2008).
59. YEE, B., SEHR, D., DARDYK, G., CHEN, J. B., MUTH, R., ORMANDY, T., OKASAKA, S., NARULA, N., AND FULLAGAR, N. Native client: A sandbox for portable, untrusted x86 native code. In Proceedings of the 30th IEEE Symposium on Security and Privacy (2009).
60. YEFREMOV, D., AND IAKOVENKO, P. An approach to on the fly activation and deactivation of virtualization-based security systems. In Proceedings of the Spring/Summer Young Researchers Colloquium on Software Engineering (2010).
61. ZHOU, Y., AND JIANG, X. Dissecting android malware: Characterization and evolution. In Security and Privacy (SP), 2012 IEEE Symposium on (2012).
62. ZHOU, Z., YU, M., AND GLIGOR, V. Dancing with giants: Wimpy kernels for on-demand isolated i/o. In Proceedings of the IEEE Symposium on Security and Privacy (2014).