ABSTRACT
Mobile devices are becoming an indispensable part of work for corporations and governments to store and process sensitive information. Thus, it is important for remote administrators to maintain control of these devices via Mobile Device Management (MDM) solutions. ARM TrustZone has been widely regarded as the de facto solution for protecting security-sensitive software, such as MDM agents, from attacks by a compromised rich OS. However, little attention has been given to protecting the MDM control channel, a fundamental component for a remote administrator to invoke the TrustZone-based MDM agents and perform specific management operations. In this work, we design an ARM TrustZone-based network mechanism, called TZNIC, towards enabling resilient and secure access to TrustZone-based software, even in the presence of a malicious rich OS. TZNIC deploys two NIC drivers, one secure-world driver and one normal-world driver, multiplexing one physical NIC. We use the high privilege provided by ARM TrustZone to protect the secure-world driver and further resolve several challenges in sharing one set of hardware peripherals between two isolated software environments. TZNIC does not require any changes to, or collaboration from, the rich OS. We implement a prototype of TZNIC, and the evaluation results show that TZNIC can provide a reliable network channel to invoke the security software in the secure world, with minimal system overhead on the rich OS.
Index Terms
- Remotely controlling TrustZone applications? A study on securely and resiliently receiving remote commands