978-951-39-8752-7_vaitos_2021_08_06.pdf

Manipulating the ARM Hypervisor and TrustZone

Abstract
ARM architecture keeps extending, and new features are added in each edition of this processor’s architecture. We examine the various techniques to manipulate the ARM hypervisor. In this work, we present a new execution context in the Linux operating system, which we refer to as the hyplet. The hyplet is a technique in which a function of a regular Linux process is executed in the hypervisor. It is through the use of the hyplet that an additional security layer is put inside an executing Linux process, inaccessible to common user space or kernel space privileges. Also, the hyplet provides an infrastructure for a CFI (Control Flow Inspection) technique named C-FLAT, a virtual disk used to trap intruders (honeypot), and a method to acquire coherent memory images for forensics. The acquisition is performed slowly, thereby reduces heat and power, and therefore a good solution for battery-based devices such as smartphones. Also, we show that the hyplet, compared to other RPC (Remote Procedure Call) techniques, provides an extremely fast RPC among Linux Processes. Through the hyplet, it is also possible to execute ISR (interrupt service routine) in a regular user-space Linux process. In Linux it is possible to offload a processor, usually to reduce power. We combined offloading a processor and the hyplet to demonstrate hard real-time. This technology is referred to as the offline hyplet. The offline hyplet demonstrates high-resolution timers, 20Khz, on a relatively slow ARM processor, executing a userspace routine inside a regular Linux process. Other than that, our research presents the hyperwall, a technology to protect network cards. Lastly, we provide a tutorial for a DMA attack on TrustZone running the OP-TEE operating system.
Main Author
Ben Yehuda, Raz
Format
Theses Doctoral thesis
Published
2021
Series
JYU Dissertations
ISBN
978-951-39-8752-7
Publisher
Jyväskylän yliopisto
The permanent address of the publication
https://urn.fi/URN:ISBN:978-951-39-8752-7Use this for linking
ISSN
2489-9003
Language
English
Published in
JYU Dissertations
Contains publications
  • Artikkeli I: Ben Yehuda, Raz; Wiseman, Yair (2011). The offline scheduler for embedded transportation systems. Proceedings of Industrial Technology (ICIT), IEEE International Conference on. 2011.
  • Artikkeli II: Ben Yehuda Raz, Zaidenberg Nezer. (2018). Hyplets - Multi Exception Level Kernel towards Linux RTOS. In SYSTOR '18 : Proceedings of the 11th ACM International Systems and Storage Conference June 4-6, 2018, Haifa, Israel (pp. 116-117). ACM. DOI: 10.1145/3211890.3211917
  • Artikkeli III: Yehuda, R. B., Leon, R., & Zaidenberg, N. (2019). Arm security alternatives. In T. Cruz, & P. Simoes (Eds.), ECCWS 2019 : Proceedings of the 18th European Conference on Cyber Warfare and Security (pp. 604-612). Academic Conferences International. Proceedings of the European conference on information warfare and security. JYX: jyx.jyu.fi/handle/123456789/67099
  • Artikkeli IV: Kiperberg, Michael; Ben Yehuda, Raz and Zaidenberg. Nezer (2020). HyperWall: A Hypervisor for Detection and Prevention of Malicious Communication. International Conference on Network and System Security. Best paper award. DOI: 10.1007/978-3-030-65745-1_5
  • Artikkeli V: Ben Yehuda, R., & Zaidenberg, J. (2020). Protection against reverse engineering in ARM. International Journal of Information Security, 19(1), 39-51. DOI: 10.1007/s10207-019-00450-1. JYX: jyx.jyu.fi/handle/123456789/67650
  • Artikkeli VI: Ben Yehuda, R., & Zaidenberg, N. J. (2020). The hyplet : Joining a Program and a Nanovisor for real-time and Performance. In SPECTS 2020 : International Symposium on Performance Evaluation of Computer & Telecommunication Systems. IEEE. Full text: ieeexplore.ieee.org/abstract/document/9203743/. JYX: jyx.jyu.fi/handle/123456789/74090
  • Artikkeli VII: Zaidenberg, N. J., Kiperberg, M., Yehuda, R. B., Leon, R., Algawi, A., & Resh, A. (2020). Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot. In P. Mori, S. Furnell, & O. Camp (Eds.), ICISSP 2019 : 5th International Conference on Information Systems Security and Privacy, Revised Selected Papers (pp. 317-334). Springer. Communications in Computer and Information Science, 1221. DOI: 10.1007/978-3-030-49443-8_15
  • Artikkeli VIII: Ben Yehuda, R., Shlingbaum, E., Gershfeld, Y., Tayouri, S., & Zaidenberg, N. J. (2021). Hypervisor memory acquisition for ARM. Forensic Science International: Digital Investigation, 37, Article 301106. DOI: 10.1016/j.fsidi.2020.301106
  • Artikkeli IX: Ben Yehuda, Raz and Zaidenberg, Nezer. Offline nanovisor. Submitted.
  • Artikkeli X: Ben Yehuda, Raz; Aronov, Adam; Ekstein, Or; Kiperberg, Michael and Zaidenberg, Nezer. C FLAT nanovised. Submitted.
  • Artikkeli XI: Stajnord, Ron; Ben Yehuda, Raz and Zaidenberg, Nezer. Attacking Trust-Zone. Submitted.
License
In CopyrightOpen Access
Copyright© The Author & University of Jyväskylä

Share

Similar Items