University of Jyväskylä | JYX Digital Repository

  • English  | Give feedback |
    • suomi
    • English
 
  • Login
JavaScript is disabled for your browser. Some features of this site may not work without it.
View Item 
  • JYX
  • Opinnäytteet
  • Väitöskirjat
  • View Item
JYX > Opinnäytteet > Väitöskirjat > View Item

Manipulating the ARM Hypervisor and TrustZone

Thumbnail
View/Open
5.3 Mb

Downloads:  
Show download detailsHide download details  
Published in
JYU dissertations
Authors
Ben Yehuda, Raz
Date
2021

 
ARM architecture keeps extending, and new features are added in each edition of this processor’s architecture. We examine the various techniques to manipulate the ARM hypervisor. In this work, we present a new execution context in the Linux operating system, which we refer to as the hyplet. The hyplet is a technique in which a function of a regular Linux process is executed in the hypervisor. It is through the use of the hyplet that an additional security layer is put inside an executing Linux process, inaccessible to common user space or kernel space privileges. Also, the hyplet provides an infrastructure for a CFI (Control Flow Inspection) technique named C-FLAT, a virtual disk used to trap intruders (honeypot), and a method to acquire coherent memory images for forensics. The acquisition is performed slowly, thereby reduces heat and power, and therefore a good solution for battery-based devices such as smartphones. Also, we show that the hyplet, compared to other RPC (Remote Procedure Call) techniques, provides an extremely fast RPC among Linux Processes. Through the hyplet, it is also possible to execute ISR (interrupt service routine) in a regular user-space Linux process. In Linux it is possible to offload a processor, usually to reduce power. We combined offloading a processor and the hyplet to demonstrate hard real-time. This technology is referred to as the offline hyplet. The offline hyplet demonstrates high-resolution timers, 20Khz, on a relatively slow ARM processor, executing a userspace routine inside a regular Linux process. Other than that, our research presents the hyperwall, a technology to protect network cards. Lastly, we provide a tutorial for a DMA attack on TrustZone running the OP-TEE operating system. ...
 
ARM-Architecture jatkuu jatkuvasti, ja uusia ominaisuuksia lisätään prosessorin jokaisessa versiossa. Tutkimme erilaisia tekniikoita ARM-hypervisor manipuloimiseksi. Tässä työssä esitämme uuden suoritusyhteyden Linux-käyttöjärjestelmässä, jota kutsumme Hyplet. Hyplet on tekniikka, jossa tavallisen Linux-prosessin toiminto suoritetaan hypervisor. Hyplet avulla laitetaan suoritettavan Linux-prosessin sisään ylimääräinen turvakerros, johon ei pääse tavalliselle käyttäjä- tai ydintilaa koskeville oikeuksille. Hyplet tarjoaa myös infrastruktuurin CFI (Control Flow Inspection) -tekniikalle, nimeltään C-FLAT, virtuaalilevylle, jota käytetään tunkeilijoiden ansaan (hunajapotti), ja menetelmän yhtenäisten muistikuvien hankkimiseksi Forensics. Hankinta suoritetaan hitaasti, mikä vähentää lämpöä ja virtaa ja on siten hyvä ratkaisu akkupohjaisille laitteille, kuten älypuhelimille. Näytämme myös, että hypletti tarjoaa muihin RPC (Remote Procedure Call) -tekniikoihin verrattuna erittäin nopean RPC: n Linux-prosessien joukossa. Hyplet kautta on myös mahdollista suorittaa ISR (keskeytä palvelurutiini) tavallisessa user-space Linux -prosessissa. Linuxissa on mahdollista purkaa prosessori, yleensä virran vähentämiseksi. Yhdistimme prosessorin ja hyplet purkamisen osoittaaksemme kovaa reaaliaikaista. Tätä tekniikkaa kutsutaan offline-hyplet. Offline-hypletti osoittaa korkean resoluution ajastimia, 20khz, suhteellisen hitaalla ARM-prosessorilla, joka suorittaa käyttäjätilan rutiinia tavallisessa Linux-prosessissa. Tämän lisäksi tutkimuksemme esittelee Hyperwall-tekniikkaa, joka suojaa verkkokortteja. Viimeiseksi tarjoamme opetusohjelman DMA-hyökkäykselle TrustZoneen, joka käyttää OP-TEE-käyttöjärjestelmää. ...
 
ISBN
978-951-39-8752-7
Contains publications
  • Artikkeli I: Ben Yehuda, Raz; Wiseman, Yair (2011). The offline scheduler for embedded transportation systems. Proceedings of Industrial Technology (ICIT), IEEE International Conference on. 2011.
  • Artikkeli II: Ben Yehuda Raz, Zaidenberg Nezer. (2018). Hyplets - Multi Exception Level Kernel towards Linux RTOS. In SYSTOR '18 : Proceedings of the 11th ACM International Systems and Storage Conference June 4-6, 2018, Haifa, Israel (pp. 116-117). ACM. DOI: 10.1145/3211890.3211917
  • Artikkeli III: Yehuda, R. B., Leon, R., & Zaidenberg, N. (2019). Arm security alternatives. In T. Cruz, & P. Simoes (Eds.), ECCWS 2019 : Proceedings of the 18th European Conference on Cyber Warfare and Security (pp. 604-612). Academic Conferences International. Proceedings of the European conference on information warfare and security. JYX: jyx.jyu.fi/handle/123456789/67099
  • Artikkeli IV: Kiperberg, Michael; Ben Yehuda, Raz and Zaidenberg. Nezer (2020). HyperWall: A Hypervisor for Detection and Prevention of Malicious Communication. International Conference on Network and System Security. Best paper award. DOI: 10.1007/978-3-030-65745-1_5
  • Artikkeli V: Ben Yehuda, R., & Zaidenberg, J. (2020). Protection against reverse engineering in ARM. International Journal of Information Security, 19(1), 39-51. DOI: 10.1007/s10207-019-00450-1. JYX: jyx.jyu.fi/handle/123456789/67650
  • Artikkeli VI: Ben Yehuda, R., & Zaidenberg, N. J. (2020). The hyplet : Joining a Program and a Nanovisor for real-time and Performance. In SPECTS 2020 : International Symposium on Performance Evaluation of Computer & Telecommunication Systems. IEEE. Full text: ieeexplore.ieee.org/abstract/document/9203743/. JYX: jyx.jyu.fi/handle/123456789/74090
  • Artikkeli VII: Zaidenberg, N. J., Kiperberg, M., Yehuda, R. B., Leon, R., Algawi, A., & Resh, A. (2020). Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot. In P. Mori, S. Furnell, & O. Camp (Eds.), ICISSP 2019 : 5th International Conference on Information Systems Security and Privacy, Revised Selected Papers (pp. 317-334). Springer. Communications in Computer and Information Science, 1221. DOI: 10.1007/978-3-030-49443-8_15
  • Artikkeli VIII: Ben Yehuda, R., Shlingbaum, E., Gershfeld, Y., Tayouri, S., & Zaidenberg, N. J. (2021). Hypervisor memory acquisition for ARM. Forensic Science International: Digital Investigation, 37, Article 301106. DOI: 10.1016/j.fsidi.2020.301106
  • Artikkeli IX: Ben Yehuda, Raz and Zaidenberg, Nezer. Offline nanovisor. Submitted.
  • Artikkeli X: Ben Yehuda, Raz; Aronov, Adam; Ekstein, Or; Kiperberg, Michael and Zaidenberg, Nezer. C FLAT nanovised. Submitted.
  • Artikkeli XI: Stajnord, Ron; Ben Yehuda, Raz and Zaidenberg, Nezer. Attacking Trust-Zone. Submitted.
URI

http://urn.fi/URN:ISBN:978-951-39-8752-7

Metadata
Show full item record
Collections
  • Väitöskirjat [3178]

Related items

Showing items with similar title or keywords.

  • Hypervisor-Based White Listing of Executables 

    Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)
    We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ...
  • Applications of Hypervisors in Security 

    Leon, Roee Shimon (2019)
    As malware continue to evolve, so do the countermeasures which attempt to fight them. A modern computer system typically has many security services installed on top of its operating system which include antivirus, ...
  • Using Hypervisors to Overcome Structured Exception Handler Attacks 

    Algawi, Asaf; Kiperberg, Michael; Leon, Roee; Zaidenberg, Nezer (Academic Conferences International, 2019)
    Microsoft windows is a family of client and server operating systems that needs no introduction. Microsoft windows operating system family has a feature to handle exceptions by storing in the stack the address of an ...
  • Hypervisor-assisted dynamic malware analysis 

    Leon, Roee S.; Kiperberg, Michael; Zabag, Anat Anatey Leon; Zaidenberg, Nezer Jacob (Springer, 2021)
    Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis ...
  • H-KPP : Hypervisor-Assisted Kernel Patch Protection 

    Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)
    We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious ...
  • Browse materials
  • Browse materials
  • Articles
  • Conferences and seminars
  • Electronic books
  • Historical maps
  • Journals
  • Tunes and musical notes
  • Photographs
  • Presentations and posters
  • Publication series
  • Research reports
  • Research data
  • Study materials
  • Theses

Browse

All of JYXCollection listBy Issue DateAuthorsSubjectsPublished inDepartmentDiscipline

My Account

Login

Statistics

View Usage Statistics
  • How to publish in JYX?
  • Self-archiving
  • Publish Your Thesis Online
  • Publishing Your Dissertation
  • Publication services

Open Science at the JYU
 
Data Protection Description

Accessibility Statement

Unless otherwise specified, publicly available JYX metadata (excluding abstracts) may be freely reused under the CC0 waiver.
Open Science Centre