Cache-based Attacks Against ARM TrustZone

Dr. Kun Sun

IST Department Seminar

10am, Thursday October 21st

Research Hall 163 or Zoom (details below)



ARM processors provide a hardware security extension called TrustZone to protect security-sensitive code and data running in a trusted execution environment. Our research points out that it is critical to protect the CPU caches when developing TrustZone-based security systems. First, we observe an ARM TrustZone cache incoherence behavior: the cache contents seen by the two worlds, the secure world and the normal world, can differ even when both are mapped to the same physical address. Based on this observation, we develop a new cache-based rootkit called CacheKit that hides in the cache of the normal world and is able to evade memory introspection from the secure world. Second, researchers have proposed creating Isolated Execution Environments (IEEs) in the normal world to protect security-sensitive applications. However, we discover three cache-based attacks, collectively called CITM, that can be leveraged to manipulate the sensitive data protected in IEE systems. Specifically, because the security measures applied to the cache lines that map to IEE memory are inefficient and incoherent, attackers in the normal world may compromise IEE data in three ways: by manipulating the IEE memory during concurrent execution, by bypassing the security measures enforced when a security-sensitive application is suspended or finished, or by misusing the incomplete security measures applied during the IEE's context-switching process.



Dr. Kun Sun is an associate professor in the Department of Information Sciences and Technology at George Mason University. He is also the director of the Sun Security Laboratory and the associate director of the Center for Secure Information Systems. He received his Ph.D. in Computer Science from North Carolina State University in 2006. Before joining GMU, he was an assistant professor at the College of William & Mary. Dr. Sun has more than 15 years of working experience in both academia and industry, and his research has been funded by government agencies including the National Science Foundation, the Office of Naval Research, the Army Research Office, the Air Force Research Laboratory, the Department of Homeland Security, and the National Institute of Standards and Technology. His research focuses on systems and network security. He has published over 100 conference and journal papers, two of which won a Best Paper Award. His current research focuses on trustworthy computing environments, moving target defense, smartphone security, network security, AI/ML security, and software security. He has been serving as a faculty senator since 2018.


Zoom details:

Join Zoom Meeting


Meeting ID: 930 6074 0525

Passcode: 299185

One tap mobile

+13017158592,,93060740525#,,,,*299185# US (Washington DC)

+12678310333,,93060740525#,,,,*299185# US (Philadelphia)


Dial by your location

        +1 301 715 8592 US (Washington DC)

        +1 267 831 0333 US (Philadelphia)

Meeting ID: 930 6074 0525

Passcode: 299185

Find your local number:

