SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment

22nd Annual Network and Distributed System Security Symposium, NDSS 2015

Volumn , Issue , 2015, Pages

  Jang, Jinsoo ^a   Kong, Sunjune ^a   Kim, Minsu ^a   Kim, Daegyeong ^a   Kang, Brent Byunghoon ^a  

^a Korea Advanced Institute of Science and Technology (KAIST)   (South Korea)

Author keywords

[No Author keywords available]

Indexed keywords

SECURE COMMUNICATION;

ARM TRUSTZONE; CONTROL ACCESS; CRITICAL RESOURCES; EXECUTION ENVIRONMENTS; SECURE CHANNELS; SECURITY SOLUTIONS; SECURITY-CRITICAL; SECURITY-SENSITIVE RESOURCES; SESSION KEY; TRUSTED EXECUTION ENVIRONMENTS;

ACCESS CONTROL;

EID: 85128201272     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss.2015.23189     Document Type: Conference Paper

References (38)

1. “Architecture reference manual (armv7-a and armv7-r edition), ” ARM DDI C, vol. 406, 2008.
2. “cve-2013-3051, ” April 2013. [Online]. Available: http://www.cvedetails.com/cve/CVE-2013-3051/
3. “Unlocking the motorola bootloader, ” April 2013. [Online]. Available: http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html
4. “Arm fastmodels, ” June 2014. [Online]. Available: http://www.arm.com/products/tools/models/fast-models/
5. “Arm security technology: Building a secure system using trustzone technology, ” Tech. Rep., June 2014. [Online]. Available: http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf
6. “Arndale board, ” June 2014. [Online]. Available: http://www.arndaleboard.org/wiki/index.php/Main_Page
7. “Discretix, ” June 2014. [Online]. Available: http://www.discretix.com/products-solutions
8. “Model debugger for fast models, ” Tech. Rep., June 2014. [Online]. Available: http://infocenter.arm.com/help/topic/com.arm.doc.dui0314i/DUI0314I_model_debugger_ug.pdf
9. “Proxama, ” June 2014. [Online]. Available: http://www.proxama.com/products-and-services/trustzone
10. “Sensepost, ” June 2014. [Online]. Available: http://www.sensepost.com/blog/9114.html
11. “Sierraware, ” June 2014. [Online]. Available: http://www.openvirtualization.org/
12. W. A. Arbaugh, D. J. Farber, and J. M. Smith, “A secure and reliable bootstrap architecture, ” in Security and Privacy, 1997. Proceedings., 1997 IEEE Symposium on. IEEE, 1997, pp. 65-71.
13. ARM, “Procedure call standard for the arm architecture, ” Tech. Rep., November 2012. [Online]. Available: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0042e/IHI0042E_aapcs.pdf
14. A. AZAB and P. Ning, “Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices, ” Patent WO 2014/021 919, June 2, 2014. [Online]. Available: http://patentscope.wipo.int/search/en/WO2014021919
15. A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky, “Hypersentry: enabling stealthy in-context measurement of hypervisor integrity, ” in Proceedings of the 17th ACM conference on Computer and communications security. ACM, 2010, pp. 38-49.
16. X. Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A. Wald-spurger, D. Boneh, J. Dwoskin, and D. R. Ports, “Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems, ” in ACM SIGOPS Operating Systems Review, vol. 42, no. 2. ACM, 2008, pp. 2-13.
17. J. Criswell, N. Dautenhahn, and V. Adve, “Virtual ghost: protecting applications from hostile operating systems, ” in Proceedings of the 19th international conference on Architectural support for programming languages and operating systems. ACM, 2014, pp. 81-96.
18. Y. Fu and Z. Lin, “Space traveling across vm: Automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection, ” in Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012, pp. 586-600.
19. X. Ge, H. Vijayakumar, and T. Jaeger, “Sprobes: Enforcing kernel code integrity on the trustzone architecture, ” 2014.
20. O. S. Hofmann, S. Kim, A. M. Dunn, M. Z. Lee, and E. Witchel, “Inktag: secure applications on an untrusted operating system, ” ACM SIGPLAN Notices, vol. 48, no. 4, pp. 265-278, 2013.
21. S. Jin, J. Ahn, S. Cha, and J. Huh, “Architectural support for secure virtualization under a vulnerable hypervisor, ” in Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture. ACM, 2011, pp. 272-283.
22. D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, “Architectural support for copy and tamper resistant software, ” ACM SIGPLAN Notices, vol. 35, no. 11, pp. 168-177, 2000.
23. D. Lie, C. A. Thekkath, and M. Horowitz, “Implementing an untrusted operating system on trusted hardware, ” in ACM SIGOPS Operating Systems Review, vol. 37, no. 5. ACM, 2003, pp. 178-192.
24. L. Litty, H. A. Lagar-Cavilla, and D. Lie, “Hypervisor support for identifying covertly executing binaries, ” in USENIX Security Symposium, 2008, pp. 243-258.
25. H. Liu, S. Saroiu, A. Wolman, and H. Raj, “Software abstractions for trusted sensors, ” in Proceedings of the 10th international conference on Mobile systems, applications, and services. ACM, 2012, pp. 365-378.
26. F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, “Innovative instructions and software model for isolated execution, ” HASP, vol. 13, p. 10, 2013.
27. P. Ning, “Introducing the samsung knox plaform, ” Tech. Rep., June 2014. [Online]. Available: http://samsungdevus.com/sites/Default/files/IntroducingtheSamsungKNOXPlatform-PengNing.pdf
28. B. D. Payne, M. Carbone, M. Sharif, and W. Lee, “Lares: An architecture for secure active monitoring using virtualization, ” in Security and Privacy, 2008. SP 2008. IEEE Symposium on. IEEE, 2008, pp. 233-247.
29. D. R. Ports and T. Garfinkel, “Towards application security on untrusted operating systems, ” in HotSec, 2008.
30. L. Samsung Electronics Co., “White paper: An overview of samsung knox, ” Tech. Rep., June 2014. [Online]. Available: http://www.samsung.com/my/business-images/resource/white-paper/2013/11/Samsung_KNOX_whitepaper_An_Overview_of_Samsung_KNOX-0.pdf
31. N. Santos, H. Raj, S. Saroiu, and A. Wolman, “Using arm trustzone to build a trusted language runtime for mobile applications, ” in Proceedings of the 19th international conference on Architectural support for programming languages and operating systems. ACM, 2014, pp. 67-80.
32. A. Seshadri, M. Luk, N. Qu, and A. Perrig, “Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity oses, ” ACM SIGOPS Operating Systems Review, vol. 41, no. 6, pp. 335-350, 2007.
33. M. I. Sharif, W. Lee, W. Cui, and A. Lanzi, “Secure in-vm monitoring using hardware virtualization, ” in Proceedings of the 16th ACM conference on Computer and communications security. ACM, 2009, pp. 477-487.
34. D. Srinivasan, Z. Wang, X. Jiang, and D. Xu, “Process out-grafting: an efficient out-of-vm approach for fine-grained process execution monitoring, ” in Proceedings of the 18th ACM conference on Computer and communications security. ACM, 2011, pp. 363-374.
35. A. Srivastava and J. T. Giffin, “Efficient monitoring of untrusted kernel-mode execution.” in NDSS, 2011.
36. J. Wang, A. Stavrou, and A. Ghosh, “Hypercheck: A hardware-assisted integrity monitor, ” in Recent Advances in Intrusion Detection. Springer, 2010, pp. 158-177.
37. Z. Wang, X. Jiang, W. Cui, and P. Ning, “Countering kernel rootkits with lightweight hook protection, ” in Proceedings of the 16th ACM conference on Computer and communications security. ACM, 2009, pp. 545-554.
38. F. Zhang, J. Chen, H. Chen, and B. Zang, “Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization, ” in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. ACM, 2011, pp. 203-216.