Cache-based Attacks Against ARM TrustZone
Dr. Kun Sun
IST Department Seminar
10am, Thursday October 21st
Research Hall 163 or Zoom (details below)
Abstract:
ARM processors provide a hardware security extension called TrustZone to protect security-sensitive code and data running in a trusted execution environment. Our research points out that it is critical to protect the CPU caches when developing TrustZone-based security systems. First, we observe an ARM TrustZone cache incoherence behavior, which results in the cache contents of the two worlds, the secure world and the normal world, potentially being different even when they are mapped to the same physical address. Based on this observation, we develop a new cache-based rootkit called CacheKit that hides in the cache of the normal world and is able to evade memory introspection from the secure world. Second, researchers have proposed creating Isolated Execution Environments (IEEs) in the normal world to protect security-sensitive applications. However, we discover three cache-based attacks, called CITM, that can be leveraged to manipulate the sensitive data protected in IEE systems. Specifically, due to the inefficient and incoherent security measures on the cache that maps to the IEE memory, attackers in the normal world may compromise the security of IEE data by manipulating the IEE memory during concurrent execution, bypassing the security measures enforced when a security-sensitive application is suspended or finished, or misusing the incomplete security measures during the IEE's context-switching processes.
Biography:
Dr. Kun Sun is an associate professor in the Department of Information Sciences and Technology at George Mason University. He is also the director of the Sun Security Laboratory and the associate director of the Center for Secure Information Systems. He received his Ph.D. in Computer Science from North Carolina State University in 2006. Before joining GMU, he was an assistant professor at the College of William and Mary. Dr. Sun has more than 15 years of working experience in both academia and industry, and his research work has been funded by government agencies including the National Science Foundation, the Office of Naval Research, the Army Research Office, the Air Force Research Laboratory, the Department of Homeland Security, and the National Institute of Standards and Technology. His research focuses on systems and network security. He has published over 100 conference and journal papers, two of which won a Best Paper Award. His current research focuses on trustworthy computing environments, moving target defense, smartphone security, network security, AI/ML security, and software security. He has been serving as a faculty senator since 2018.
Zoom details:
Join Zoom Meeting
https://gmu.zoom.us/j/93060740525?pwd=aVhTbWxDWmVZV0VMVXZyV3hhYStHdz09
Meeting ID: 930 6074 0525
Passcode: 299185
One tap mobile
+13017158592,,93060740525#,,,,*299185# US (Washington DC)
+12678310333,,93060740525#,,,,*299185# US (Philadelphia)
Dial by your location
+1 301 715 8592 US (Washington DC)
+1 267 831 0333 US (Philadelphia)
Meeting ID: 930 6074 0525
Passcode: 299185
Find your local number:
https://gmu.zoom.us/u/aeeVF3QDcL
Join by SIP