
Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World

Published: 03 November 2014

Abstract

TrustZone-based Real-time Kernel Protection (TZ-RKP) is a novel system that provides real-time protection of the OS kernel using the ARM TrustZone secure world. TZ-RKP is more secure than current approaches that use hypervisors to host kernel protection tools. Although hypervisors provide privilege and isolation, they face fundamental security challenges due to their growing complexity and code size. TZ-RKP puts its security monitor, which represents its entire Trusted Computing Base (TCB), in the TrustZone secure world, a safe isolated environment that is dedicated to security services. Hence, the security monitor is safe from attacks that can potentially compromise the kernel, which runs in the normal world. Using the secure world for kernel protection has been crippled by the lack of control over targets that run in the normal world. TZ-RKP solves this prominent challenge using novel techniques that deprive the normal world of the ability to control certain privileged system functions. These functions are forced to route through the secure world for inspection and approval before being executed. TZ-RKP's control of the normal world is non-bypassable. It can effectively stop attacks that aim at modifying or injecting kernel binaries. It can also stop attacks that involve modifying the system memory layout, e.g., through memory double mapping. This paper presents the implementation and evaluation of TZ-RKP, which has gone through rigorous and thorough evaluation of effectiveness and performance. It is currently deployed on the latest models of the Samsung Galaxy series smartphones and tablets, which clearly demonstrates that it is a practical real-world system.
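The idea of forcing privileged memory-management operations through the secure world, as an added illustration that is not code from the paper or from TZ-RKP itself: a toy secure-world monitor that owns the normal world's page table and applies a policy to every requested page-table-entry update, rejecting writable mappings of kernel text, second (double) mappings of kernel text, and any mapping of the page tables themselves. The page classes, the PTE bit layout and the memory layout set up in monitor_init are constructed assumptions, not the paper's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define PAGE_SHIFT 12
#define NPAGES 64   /* constructed toy physical memory: 64 pages */
#define NPTES  64   /* constructed toy normal-world page table: 64 entries */

/* What each physical page holds, as tracked by the (hypothetical) secure-world monitor. */
enum pclass { P_NORMAL = 0, P_KCODE, P_PTABLE };
struct monitor {
    enum pclass cls[NPAGES];  /* class of every physical page */
    int         refs[NPAGES]; /* number of PTEs currently mapping each page */
    uint32_t    pte[NPTES];   /* the normal world's page table, writable only here */
};
enum verdict { ALLOW = 0, DENY_RANGE, DENY_KCODE_WRITABLE, DENY_DOUBLE_MAP, DENY_PTABLE_MAPPED };

/* Constructed PTE encoding: bits[31:12] = pfn, bit 1 = writable, bit 0 = valid. */
uint32_t mk_pte(unsigned pfn, bool writable) {
    return ((uint32_t)pfn << PAGE_SHIFT) | (writable ? 2u : 0u) | 1u;
}

/* Policy applied in the secure world before a requested PTE write is performed. */
static enum verdict check_pte_update(const struct monitor *m, unsigned idx, uint32_t new_pte) {
    if (idx >= NPTES) return DENY_RANGE;
    if (!(new_pte & 1u)) return ALLOW;                 /* unmapping never weakens protection */
    unsigned pfn = new_pte >> PAGE_SHIFT;
    if (pfn >= NPAGES) return DENY_RANGE;
    uint32_t old = m->pte[idx];
    /* Mappings of pfn held by entries other than the one being rewritten. */
    int others = m->refs[pfn] - (((old & 1u) && (old >> PAGE_SHIFT) == pfn) ? 1 : 0);
    switch (m->cls[pfn]) {
    case P_KCODE:
        if (new_pte & 2u) return DENY_KCODE_WRITABLE;  /* kernel text stays read-only */
        if (others > 0)   return DENY_DOUBLE_MAP;      /* no second alias of kernel text */
        return ALLOW;
    case P_PTABLE:
        return DENY_PTABLE_MAPPED;  /* page tables are never mapped for the normal world */
    default:
        return ALLOW;
    }
}

/* The only path by which the normal world may change a PTE (analogue of an SMC trap). */
enum verdict monitor_set_pte(struct monitor *m, unsigned idx, uint32_t new_pte) {
    enum verdict v = check_pte_update(m, idx, new_pte);
    if (v != ALLOW) return v;
    uint32_t old = m->pte[idx];
    if (old & 1u)     m->refs[old >> PAGE_SHIFT]--;
    if (new_pte & 1u) m->refs[new_pte >> PAGE_SHIFT]++;
    m->pte[idx] = new_pte;
    return ALLOW;
}

/* Constructed layout: kernel text in pfn 4-5, the page table in pfn 8. Returns protected page count. */
int monitor_init(struct monitor *m) {
    memset(m, 0, sizeof *m);
    m->cls[4] = P_KCODE; m->cls[5] = P_KCODE; m->cls[8] = P_PTABLE;
    return 3;
}
```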


Cited By

  • (2025) InvisiGuard: Data Integrity for Microcontroller-Based Devices via Hardware-Triggered Write Monitoring. IEEE Transactions on Dependable and Secure Computing 22(1):343-358, January 2025. doi:10.1109/TDSC.2024.3399068
  • (2024) Method and Practice of Trusted Embedded Computing and Data Transmission Protection Architecture Based on Android. Chinese Journal of Electronics 33(3):623-634, May 2024. doi:10.23919/cje.2022.00.196
  • (2024) Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era. 2024 Security for Space Systems (3S), pages 1-11, 27 May 2024. doi:10.23919/3S60530.2024.10592292

    Published In

    CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, 1592 pages. ISBN: 9781450329576. DOI: 10.1145/2660267.

    Publisher

    Association for Computing Machinery, New York, NY, United States

    Author Tags

    1. arm trustzone
    2. integrity monitoring
    3. kernel protection

    Qualifiers

    • Research-article

    Conference

    CCS '14

    Acceptance Rates

    CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
