University of Jyväskylä | JYX Digital Repository

  • English  | Give feedback |
    • suomi
    • English
 
  • Login
JavaScript is disabled for your browser. Some features of this site may not work without it.
View Item 
  • JYX
  • Opinnäytteet
  • Väitöskirjat
  • View Item
JYX > Opinnäytteet > Väitöskirjat > View Item

Manipulating the ARM Hypervisor and TrustZone

Thumbnail
View/Open
5.3 Mb

Downloads:  
Show download detailsHide download details  
Published in
JYU dissertations
Authors
Ben Yehuda, Raz
Date
2021

 
ARM architecture keeps extending, and new features are added in each edition of this processor’s architecture. We examine the various techniques to manipulate the ARM hypervisor. In this work, we present a new execution context in the Linux operating system, which we refer to as the hyplet. The hyplet is a technique in which a function of a regular Linux process is executed in the hypervisor. It is through the use of the hyplet that an additional security layer is put inside an executing Linux process, inaccessible to common user space or kernel space privileges. Also, the hyplet provides an infrastructure for a CFI (Control Flow Inspection) technique named C-FLAT, a virtual disk used to trap intruders (honeypot), and a method to acquire coherent memory images for forensics. The acquisition is performed slowly, thereby reduces heat and power, and therefore a good solution for battery-based devices such as smartphones. Also, we show that the hyplet, compared to other RPC (Remote Procedure Call) techniques, provides an extremely fast RPC among Linux Processes. Through the hyplet, it is also possible to execute ISR (interrupt service routine) in a regular user-space Linux process. In Linux it is possible to offload a processor, usually to reduce power. We combined offloading a processor and the hyplet to demonstrate hard real-time. This technology is referred to as the offline hyplet. The offline hyplet demonstrates high-resolution timers, 20Khz, on a relatively slow ARM processor, executing a userspace routine inside a regular Linux process. Other than that, our research presents the hyperwall, a technology to protect network cards. Lastly, we provide a tutorial for a DMA attack on TrustZone running the OP-TEE operating system. ...
 
ARM-Architecture jatkuu jatkuvasti, ja uusia ominaisuuksia lisätään prosessorin jokaisessa versiossa. Tutkimme erilaisia tekniikoita ARM-hypervisor manipuloimiseksi. Tässä työssä esitämme uuden suoritusyhteyden Linux-käyttöjärjestelmässä, jota kutsumme Hyplet. Hyplet on tekniikka, jossa tavallisen Linux-prosessin toiminto suoritetaan hypervisor. Hyplet avulla laitetaan suoritettavan Linux-prosessin sisään ylimääräinen turvakerros, johon ei pääse tavalliselle käyttäjä- tai ydintilaa koskeville oikeuksille. Hyplet tarjoaa myös infrastruktuurin CFI (Control Flow Inspection) -tekniikalle, nimeltään C-FLAT, virtuaalilevylle, jota käytetään tunkeilijoiden ansaan (hunajapotti), ja menetelmän yhtenäisten muistikuvien hankkimiseksi Forensics. Hankinta suoritetaan hitaasti, mikä vähentää lämpöä ja virtaa ja on siten hyvä ratkaisu akkupohjaisille laitteille, kuten älypuhelimille. Näytämme myös, että hypletti tarjoaa muihin RPC (Remote Procedure Call) -tekniikoihin verrattuna erittäin nopean RPC: n Linux-prosessien joukossa. Hyplet kautta on myös mahdollista suorittaa ISR (keskeytä palvelurutiini) tavallisessa user-space Linux -prosessissa. Linuxissa on mahdollista purkaa prosessori, yleensä virran vähentämiseksi. Yhdistimme prosessorin ja hyplet purkamisen osoittaaksemme kovaa reaaliaikaista. Tätä tekniikkaa kutsutaan offline-hyplet. Offline-hypletti osoittaa korkean resoluution ajastimia, 20khz, suhteellisen hitaalla ARM-prosessorilla, joka suorittaa käyttäjätilan rutiinia tavallisessa Linux-prosessissa. Tämän lisäksi tutkimuksemme esittelee Hyperwall-tekniikkaa, joka suojaa verkkokortteja. Viimeiseksi tarjoamme opetusohjelman DMA-hyökkäykselle TrustZoneen, joka käyttää OP-TEE-käyttöjärjestelmää. ...
 
ISBN
978-951-39-8752-7
Contains publications
  • Artikkeli I: Ben Yehuda, Raz; Wiseman, Yair (2011). The offline scheduler for embedded transportation systems. Proceedings of Industrial Technology (ICIT), IEEE International Conference on. 2011.
  • Artikkeli II: Ben Yehuda Raz, Zaidenberg Nezer. (2018). Hyplets - Multi Exception Level Kernel towards Linux RTOS. In SYSTOR '18 : Proceedings of the 11th ACM International Systems and Storage Conference June 4-6, 2018, Haifa, Israel (pp. 116-117). ACM. DOI: 10.1145/3211890.3211917
  • Artikkeli III: Yehuda, R. B., Leon, R., & Zaidenberg, N. (2019). Arm security alternatives. In T. Cruz, & P. Simoes (Eds.), ECCWS 2019 : Proceedings of the 18th European Conference on Cyber Warfare and Security (pp. 604-612). Academic Conferences International. Proceedings of the European conference on information warfare and security. JYX: jyx.jyu.fi/handle/123456789/67099
  • Artikkeli IV: Kiperberg, Michael; Ben Yehuda, Raz and Zaidenberg. Nezer (2020). HyperWall: A Hypervisor for Detection and Prevention of Malicious Communication. International Conference on Network and System Security. Best paper award. DOI: 10.1007/978-3-030-65745-1_5
  • Artikkeli V: Ben Yehuda, R., & Zaidenberg, J. (2020). Protection against reverse engineering in ARM. International Journal of Information Security, 19(1), 39-51. DOI: 10.1007/s10207-019-00450-1. JYX: jyx.jyu.fi/handle/123456789/67650
  • Artikkeli VI: Ben Yehuda, R., & Zaidenberg, N. J. (2020). The hyplet : Joining a Program and a Nanovisor for real-time and Performance. In SPECTS 2020 : International Symposium on Performance Evaluation of Computer & Telecommunication Systems. IEEE. Full text: ieeexplore.ieee.org/abstract/document/9203743/. JYX: jyx.jyu.fi/handle/123456789/74090
  • Artikkeli VII: Zaidenberg, N. J., Kiperberg, M., Yehuda, R. B., Leon, R., Algawi, A., & Resh, A. (2020). Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot. In P. Mori, S. Furnell, & O. Camp (Eds.), ICISSP 2019 : 5th International Conference on Information Systems Security and Privacy, Revised Selected Papers (pp. 317-334). Springer. Communications in Computer and Information Science, 1221. DOI: 10.1007/978-3-030-49443-8_15
  • Artikkeli VIII: Ben Yehuda, R., Shlingbaum, E., Gershfeld, Y., Tayouri, S., & Zaidenberg, N. J. (2021). Hypervisor memory acquisition for ARM. Forensic Science International: Digital Investigation, 37, Article 301106. DOI: 10.1016/j.fsidi.2020.301106
  • Artikkeli IX: Ben Yehuda, Raz and Zaidenberg, Nezer. Offline nanovisor. Submitted.
  • Artikkeli X: Ben Yehuda, Raz; Aronov, Adam; Ekstein, Or; Kiperberg, Michael and Zaidenberg, Nezer. C FLAT nanovised. Submitted.
  • Artikkeli XI: Stajnord, Ron; Ben Yehuda, Raz and Zaidenberg, Nezer. Attacking Trust-Zone. Submitted.
URI

http://urn.fi/URN:ISBN:978-951-39-8752-7

Metadata
Show full item record
Collections
  • Väitöskirjat [3073]

Related items

Showing items with similar title or keywords.

  • Arm security alternatives 

    Yehuda, Raz Ben; Leon, Roee; Zaidenberg, Nezer (Academic Conferences International, 2019)
    Many real-world scenarios such as protecting DRM, online payments and usage in NFC payments in embedded devices require a trustworthy “trusted execution environment” (TEE) platform. The TEE should run on the ARM architecture. ...
  • Nanovised Control Flow Attestation 

    Ben Yehuda, Raz; Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)
    This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal ...
  • Attacking TrustZone on devices lacking memory protection 

    Stajnrod, Ron; Ben Yehuda, Raz; Zaidenberg, Nezer Jacob (Springer Science and Business Media LLC, 2021)
    ARM TrustZone offers a Trusted Execution Environment (TEE) embedded into the processor cores. Some vendors offer ARM modules that do not fully comply with TrustZone specifications, which may lead to vulnerabilities in the ...
  • Hypervisor-Based White Listing of Executables 

    Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)
    We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ...
  • Hypervisor-assisted Atomic Memory Acquisition in Modern Systems 

    Kiperberg, Michael; Leon, Roee; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer (SCITEPRESS Science And Technology Publications, 2019)
    Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, ...
  • Browse materials
  • Browse materials
  • Articles
  • Conferences and seminars
  • Electronic books
  • Historical maps
  • Journals
  • Tunes and musical notes
  • Photographs
  • Presentations and posters
  • Publication series
  • Research reports
  • Research data
  • Study materials
  • Theses

Browse

All of JYXCollection listBy Issue DateAuthorsSubjectsPublished inDepartmentDiscipline

My Account

Login

Statistics

View Usage Statistics
  • How to publish in JYX?
  • Self-archiving
  • Publish Your Thesis Online
  • Publishing Your Dissertation
  • Publication services

Open Science at the JYU
 
Data Protection Description

Accessibility Statement

Unless otherwise specified, publicly available JYX metadata (excluding abstracts) may be freely reused under the CC0 waiver.
Open Science Centre