Manipulating the ARM Hypervisor and TrustZone
Julkaistu sarjassa
JYU dissertationsTekijät
Päivämäärä
2021Tekijänoikeudet
© The Author & University of Jyväskylä
ARM architecture keeps extending, and new features are added in each edition of this processor’s architecture. We examine the various techniques to manipulate the ARM hypervisor. In this work, we present a new execution context in the Linux operating system, which we refer to as the hyplet. The hyplet is a technique in which a function of a regular Linux process is executed in the hypervisor. It is through the use of the hyplet that an additional security layer is put inside an executing Linux process, inaccessible to common user space or kernel space privileges. Also, the hyplet provides an infrastructure for a CFI (Control Flow Inspection) technique named C-FLAT, a virtual disk used to trap intruders (honeypot), and a method to acquire coherent memory images for forensics. The acquisition is performed slowly, thereby reduces heat and power, and therefore a good solution for battery-based devices such as smartphones. Also, we show that the hyplet, compared to other RPC (Remote Procedure Call) techniques, provides an extremely fast RPC among Linux Processes. Through the hyplet, it is also possible to execute ISR (interrupt service routine) in a regular user-space Linux process. In Linux it is possible to offload a processor, usually to reduce power. We combined offloading a processor and the hyplet to demonstrate hard real-time. This technology is referred to as the offline hyplet. The offline hyplet demonstrates high-resolution timers, 20Khz, on a relatively slow ARM processor, executing a userspace routine inside a regular Linux process. Other than that, our research presents the hyperwall, a technology to protect network cards. Lastly, we provide a tutorial for a DMA attack on TrustZone running the OP-TEE operating system.
...
Julkaisija
Jyväskylän yliopistoISBN
978-951-39-8752-7ISSN Hae Julkaisufoorumista
2489-9003Julkaisuun sisältyy osajulkaisuja
- Artikkeli I: Ben Yehuda, Raz; Wiseman, Yair (2011). The offline scheduler for embedded transportation systems. Proceedings of Industrial Technology (ICIT), IEEE International Conference on. 2011.
- Artikkeli II: Ben Yehuda Raz, Zaidenberg Nezer. (2018). Hyplets - Multi Exception Level Kernel towards Linux RTOS. In SYSTOR '18 : Proceedings of the 11th ACM International Systems and Storage Conference June 4-6, 2018, Haifa, Israel (pp. 116-117). ACM. DOI: 10.1145/3211890.3211917
- Artikkeli III: Yehuda, R. B., Leon, R., & Zaidenberg, N. (2019). Arm security alternatives. In T. Cruz, & P. Simoes (Eds.), ECCWS 2019 : Proceedings of the 18th European Conference on Cyber Warfare and Security (pp. 604-612). Academic Conferences International. Proceedings of the European conference on information warfare and security. JYX: jyx.jyu.fi/handle/123456789/67099
- Artikkeli IV: Kiperberg, Michael; Ben Yehuda, Raz and Zaidenberg. Nezer (2020). HyperWall: A Hypervisor for Detection and Prevention of Malicious Communication. International Conference on Network and System Security. Best paper award. DOI: 10.1007/978-3-030-65745-1_5
- Artikkeli V: Ben Yehuda, R., & Zaidenberg, J. (2020). Protection against reverse engineering in ARM. International Journal of Information Security, 19(1), 39-51. DOI: 10.1007/s10207-019-00450-1. JYX: jyx.jyu.fi/handle/123456789/67650
- Artikkeli VI: Ben Yehuda, R., & Zaidenberg, N. J. (2020). The hyplet : Joining a Program and a Nanovisor for real-time and Performance. In SPECTS 2020 : International Symposium on Performance Evaluation of Computer & Telecommunication Systems. IEEE. Full text: ieeexplore.ieee.org/abstract/document/9203743/. JYX: jyx.jyu.fi/handle/123456789/74090
- Artikkeli VII: Zaidenberg, N. J., Kiperberg, M., Yehuda, R. B., Leon, R., Algawi, A., & Resh, A. (2020). Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot. In P. Mori, S. Furnell, & O. Camp (Eds.), ICISSP 2019 : 5th International Conference on Information Systems Security and Privacy, Revised Selected Papers (pp. 317-334). Springer. Communications in Computer and Information Science, 1221. DOI: 10.1007/978-3-030-49443-8_15
- Artikkeli VIII: Ben Yehuda, R., Shlingbaum, E., Gershfeld, Y., Tayouri, S., & Zaidenberg, N. J. (2021). Hypervisor memory acquisition for ARM. Forensic Science International: Digital Investigation, 37, Article 301106. DOI: 10.1016/j.fsidi.2020.301106
- Artikkeli IX: Ben Yehuda, Raz and Zaidenberg, Nezer. Offline nanovisor. Submitted.
- Artikkeli X: Ben Yehuda, Raz; Aronov, Adam; Ekstein, Or; Kiperberg, Michael and Zaidenberg, Nezer. C FLAT nanovised. Submitted.
- Artikkeli XI: Stajnord, Ron; Ben Yehuda, Raz and Zaidenberg, Nezer. Attacking Trust-Zone. Submitted.
Metadata
Näytä kaikki kuvailutiedotKokoelmat
- JYU Dissertations [836]
- Väitöskirjat [3535]
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Attacking TrustZone on devices lacking memory protection
Stajnrod, Ron; Ben Yehuda, Raz; Zaidenberg, Nezer Jacob (Springer Science and Business Media LLC, 2022)ARM TrustZone offers a Trusted Execution Environment (TEE) embedded into the processor cores. Some vendors offer ARM modules that do not fully comply with TrustZone specifications, which may lead to vulnerabilities in the ... -
Arm security alternatives
Yehuda, Raz Ben; Leon, Roee; Zaidenberg, Nezer (Academic Conferences International, 2019)Many real-world scenarios such as protecting DRM, online payments and usage in NFC payments in embedded devices require a trustworthy “trusted execution environment” (TEE) platform. The TEE should run on the ARM architecture. ... -
Nanovised Control Flow Attestation
Ben Yehuda, Raz; Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal ... -
Using Hypervisors to Overcome Structured Exception Handler Attacks
Algawi, Asaf; Kiperberg, Michael; Leon, Roee; Zaidenberg, Nezer (Academic Conferences International, 2019)Microsoft windows is a family of client and server operating systems that needs no introduction. Microsoft windows operating system family has a feature to handle exceptions by storing in the stack the address of an ... -
HyperIO : A Hypervisor-Based Framework for Secure IO
Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2023)Malware often attempts to steal input and output through human interface devices to obtain confidential information. We propose to use a thin hypervisor, called “HyperIO”, to realize a secure path between input and output ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.