DOI: 10.1145/3448300.3468501
research-article
Public Access

Remotely controlling TrustZone applications? A study on securely and resiliently receiving remote commands

Published: 28 June 2021

ABSTRACT

Mobile devices are becoming an indispensable part of work for corporations and governments to store and process sensitive information. Thus, it is important for remote administrators to maintain control of these devices via Mobile Device Management (MDM) solutions. ARM TrustZone has been widely regarded as the de facto solution for protecting the security-sensitive software, such as MDM agents, from attacks of a compromised rich OS. However, little attention has been given to protecting the MDM control channel, a fundamental component for a remote administrator to invoke the TrustZone-based MDM agents and perform specific management operations. In this work, we design an ARM TrustZone-based network mechanism, called TZNIC, towards enabling resilient and secure access to TrustZone-based software, even in the presence of a malicious rich OS. TZNIC deploys two NIC drivers, one secure-world driver and one normal-world driver, multiplexing one physical NIC. We utilize the ARM TrustZone-based high privilege to protect the secure-world driver and further resolve several challenges on sharing one set of hardware peripherals between two isolated software environments. TZNIC does not require any changes or collaboration of the rich OS. We implement a prototype of TZNIC, and the evaluation results show that TZNIC can provide a reliable network channel to invoke the security software in the secure world, with minimal system overhead on the rich OS.

Published in

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks
June 2021
412 pages
ISBN: 9781450383493
DOI: 10.1145/3448300

Copyright © 2021 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

WiSec '21 Paper Acceptance Rate: 34 of 121 submissions, 28%
Overall Acceptance Rate: 98 of 338 submissions, 29%
