arm platform
play

ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS - PowerPoint PPT Presentation

Oct 12, 2022 •362 likes •618 views

On the Cost-Effectiveness of TrustZone Defense on ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS LAB; ROOSEVELT UNIVERSITY Contents Abstract and Introduction Related Work Cache-Based Security Threats and Attack

  1. On the Cost-Effectiveness of TrustZone Defense on ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS LAB; ROOSEVELT UNIVERSITY

  2. Contents  Abstract and Introduction  Related Work  Cache-Based Security Threats and Attack  Design and Implementations  Experimental Results  Evaluation  Future Work  Conclusion 2

  3. Abstract and Introduction  Abstract  In Recent years, many research efforts had been made on secure and safe environment on ARM platform.  ARM structure and chips based on ARM had been taking up a lot of number of products in the market.  Security problems and potential risks had been discussed.  Cache and similar design brings in ‘trouble’ for security purposes.  Uniqueness on ARM-based products made things even tougher to solve.  What will we do?  Design defense framework for ARM  Evaluate by experiments  Optimization 3

  4. Abstract and Introduction  Introduction  Last-Level Cache (LLC) is always the target of side-channel attack. On x86 structure, it is always L3 cache that is attacked.  Last-level cache side- channels are effective enough to extract user’s private information.  Side-channel: collecting information like performance counters, timing, power consumption, etc. And process the information to derive information about the victim.  Most frequently used: access time based side-channels. 4

  5. Abstract and Introduction  Introduction (Continued)  Side-channel attack based via LLC can be dangerous, even without compromising OS.  Both on single OS machine and Virtual Machines (VMs) can be attacked.  Typical type: FLUSH+RELOAD  LLC is shared.  FLUSH+RELOAD can be practical using unprivileged instructions.  AES key of OpenSSL is recovered by this attack in lab test.  Threats to the Internet of Things (IoT) and devices  Modern TrustZone Design on ARM platform 5

  6. Abstract and Introduction  Introduction (Continued)  Contributions  Research on side-channel and covert-channel attack: bandwidth and effect.  Investigation on Flush operations on ARM platform and overhead.  Study of TrustZone technology and previous security design based on TrustZone.  Investigation on critical instructions related to TrustZone operations.  Test of cache flush operations: overhead and effect.  Different discussion based on ARMv8-A and ARMv8-M structures. 6

  7. Related Work  Side Channel Attacks  LLC based side-channel attacks: Flush+Reload, Prime+Probe  Effectiveness of LLC based side-channels 7

  8. Related Work  Security Design and Protections  Hardware Solution: Intel SGX, ARM TrustZone  Hardware isolation for an enclave  New instructions to establish, protect  Call gate to enter  Remote attestation  Processor manufacturer is the root of the trust  Prime+Probe Attack: March, 2017  Target to DRAM 8

  9. Related Work  ARM TrustZone  Based on ARM Cortex-A and Cortex-M series  Privileged instructions to call entry/exit  Light-weighted comparing with other protection  ARM helps in creating Trusted Execution Environments (TEE)  Cache Problems  ARM Cortex-A series  ARM Cortex-M series (ARMv8-M) 9

  10. Related Work  Previous Defense Strategy against Side-Channels  LLC-level Protection (memory access control)  Cache enclaves (Trusted vs. Untrusted)  Scheduler-based solutions  Others  Cache Flush against Side-Channels  Benefits: easy to implement, ensure safety  Problems: high overhead, not adaptive to every situation 10

  11. Cache-Based Security Threats and Attack  Overview  Users’ memory access are not protected by TrustZone – Covert Channel (Sharing resources)  TrustZone Entry/Exit without Flushing cache – Side-Channel (Malicious collecting access time)  Flush+Reload Attack  Prime+Probe Attack  Malicious eavesdropping 11

  12. Cache-Based Security Threats and Attack  Side-Channel Attack Experiment  Flush+Reload Attack  step 0: attacker maps shared library → shared memory, shared in cache  step 1: attacker flushes the shared line  step 2: victim loads data while performing encryption  step 3: attacker reloads data → fast access if the victim loaded the line  Prime+Probe Attack  step 0: attacker fills the cache (prime)  step 1: victim evicts cache lines while performing encryption  step 2: attacker probes data to determine if the set was accessed 12

  13. Design and Implementations  TrustZone-Related Instructions  ARMv8-A  Test Environment: ARM Juno r1 Board, with A57 and A53 chips; QEMU as testing benchmark.  ARMv8-M  Test Environment: ARM Development Kits with Cortex-M4 13

  14. Design and Implementations  Experiments on TrustZone Instructions  ARMv8-M  Our experiments on ARMv8-M are using ARM Versatile V2M-MPS2 Motherboard with an ARM Cortex- M4 chip. It offers 8Mb of single cycle SRAM, and 16Mb of PSRAM. It supports the application of different ARM Cortex-M classes, from Cortex-M0, to M3, M4, and M7. 14

  15. Experimental Results  Experiments on TrustZone Instructions  ARMv8-A  We use Ubuntu 16.10 as the normal world OS, with 26 processes running on background, including the workload we use for testing. We count the smc-related instructions that belongs to TrustZone- related operations, and analyze the attributions of them. Type Percentage Non-secure to Secure 2.87% Test R/W Secure to Non-secure 2.91% Test R/W Others (Access from 0.01% Background) 15

  16. Experimental Results  Experiments on TrustZone Instructions  ARMv8-A  With every smc-related instruction, we operate Flush on cache. 16

  17. Experimental Results  Experiments on TrustZone Instructions  ARMv8-A  We change the overall percentage of smc instructions and see the overhead difference. 17

  18. Experimental Results  Experiments on TrustZone Instructions  Cortex-M  Our experiments on ARMv8-M are using ARM Versatile V2M-MPS2 Motherboard with an ARM Cortex- M4 chip. It offers 8Mb of single cycle SRAM, and 16Mb of PSRAM. It supports the application of different ARM Cortex-M classes, from Cortex-M0, to M3, M4, and M7. 18

  19. Experimental Results  Experiments on TrustZone Instructions  Cortex-M  Using Testing Program as shown above. Operation Direction Cost on Average (Clock Cycles) SG Non-Secure to 3.5 Secure BXNS/BLX Secure to Non- 5.2 NS Secure 19

  20. Experimental Results  Experiments on TrustZone Instructions  ARMv8-M  We change TrustZone entry/exit frequency by setting different parameters in inner and outer loop. The overhead can be limited to less than 5%. 20

  21. Evaluation  On the cost-effectiveness balance of defending by Flush operations  Flush operations are necessary, but they cost much;  We can never wipe out the risk, but can cut down bandwidth;  Adaptive strategy can be used to keep the balance of performance and effectiveness;  Even better on ARMv8-M chips. 21

  22. Evaluation  On TrustZone related instructions  Most of the apps and users are not ‘making use of’ TrustZone features;  On IoT devices, TrustZone is not costing much resources;  It is possible to move some of the hardware/software security design into TrustZone surface;  Cortex-M series chips perform better than Cortex-A series chips.  On Cortex-A series chips or x86 chips, cache flush operations are just some instructions with privileges. However, the case are different on ARMv8-M. The allocation of a memory address to a cache address is defined by the designers of the applications.  Because of the special structure of ARMv8-M, the cache Flush operations are sets of DSB (Data Synchronization Barrier) operations, with address-related instructions. 22

  23. Future Work  Implementations and Experiments  Design and implement a defense framework based on ARMv8-M.  Test the performance of defense framework using some benchmarks, and optimize the framework to good effectiveness and lower overhead.  Port defense framework to new ARMv8-M boards: M23 and M33 series chips.  Theory Work  Study adaptive control method in theory to match the experimental results, and predict the optimal solution of best adaptive control in defense.  Investigate entropy theory based on experimental results, predictions and related theory.  Discuss performance of implemented defense framework in theory, and try to have theoretical conclusion on defense against cache-based attack. 23

  24. Conclusion  Cache-based attack are new focal point on security design, with risks of leaking information through side-channel and covert channels.  Flushing cache is effective to cut down the risk, but with high performance overhead, and sometimes not affordable.  On IoT devices, the performance of connecting with TrustZone can be better, which brings the possibility to making use of TrustZone. 24

  25. Thank you! Naiwei Liu, UTSA ICS Lab, Naiwei.liu@utsa.edu Ravi Sandhu, UTSA ICS Lab, ravi.sandhu@utsa.edu Meng Yu, Roosevelt University, myu04@Roosevelt.edu 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Forbruger Europa Christel Hst clp@forbrugereuropa.dk ODR platform About the ODR-platform

Forbruger Europa Christel Hst clp@forbrugereuropa.dk ODR platform About the ODR-platform

Forbruger Europa Christel Hst clp@forbrugereuropa.dk ODR platform About the ODR-platform Aim: to solve cross border complaints fast and cost efficiently Challenges: language barriers ODR platform Using the platform 1. A

713 views • 7 slides
Delfi COM Platform What stands behind the term: Delfi COM Platform? The Delfi COM Platform

Delfi COM Platform What stands behind the term: Delfi COM Platform? The Delfi COM Platform

Delfi COM Platform What stands behind the term: Delfi COM Platform? The Delfi COM Platform faciliates the communication and data transfer between handheld terminals and ERP systems. The Delfi COM Platform consists of: 1. Delfi COM Center 2.

126 views • 10 slides
Presentation of Platform Zero Incidents Platform Zero Incidents Platform Zero Incidents MENTAL

Presentation of Platform Zero Incidents Platform Zero Incidents Platform Zero Incidents MENTAL

Maurits van der Linde Presentation of Platform Zero Incidents Platform Zero Incidents Platform Zero Incidents MENTAL SHIFT ZERO INCIDENTS CLIMATE The experts of transporting (dangerous) goods via inland waterways are on board ! INDIVIDUAL AND

299 views • 16 slides
M-LIMA PLATFORM M-LIMA PLATFORM Definition M-LIMA is the platform that is meant to improve the

M-LIMA PLATFORM M-LIMA PLATFORM Definition M-LIMA is the platform that is meant to improve the

M-LIMA PLATFORM M-LIMA PLATFORM Definition M-LIMA is the platform that is meant to improve the productivity of farmers and connect them to different markets and stakeholders via web and mobile technologies using USSD and SMS Channels. Purpose

287 views • 12 slides
ESCeL Platform & NCS Initiatives ESCeL eLearning Platform ESCeL Platform MISSION STATEMENT

ESCeL Platform & NCS Initiatives ESCeL eLearning Platform ESCeL Platform MISSION STATEMENT

ESCeL eLearning Platform ESCeL Platform & NCS Initiatives ESCeL eLearning Platform ESCeL Platform MISSION STATEMENT "The highest European standard of training and education, to as many as possible, at the lowest cost

577 views • 19 slides
INSIDE THE PLATFORM Who are we Classic platforms Classic platform Modern platform Modern

INSIDE THE PLATFORM Who are we Classic platforms Classic platform Modern platform Modern

THE HIDDEN DANGERS INSIDE THE PLATFORM Who are we Classic platforms Classic platform Modern platform Modern platform Modern platform Modern platform Attackers motivation Attackers motivation Stealth Persistence Low level

453 views • 34 slides
The Platform for Collaboration on Tax (PCT) The Platform for Collaboration on Tax: A major step to

The Platform for Collaboration on Tax (PCT) The Platform for Collaboration on Tax: A major step to

The Platform for Collaboration on Tax (PCT) The Platform for Collaboration on Tax: A major step to boost international cooperation in tax matters United Nations Headquarters, New York, 21 October 2016 Background and context The Sustainable

189 views • 17 slides
INFINITY ECM PLATFORM Unique multifunctional Cloud SW platform that every World Company needs.

INFINITY ECM PLATFORM Unique multifunctional Cloud SW platform that every World Company needs.

INFINITY ECM PLATFORM Unique multifunctional Cloud SW platform that every World Company needs. INFINITY ECM Short Info 1 INFINITY ECM is a modern multi-functional Enterprise Content Management platform for horizontal markets that includes a

204 views • 8 slides
Innovati tive e Tec echnologic ological l Platform orm 3d.FAB Innovation Platform 1

Innovati tive e Tec echnologic ological l Platform orm 3d.FAB Innovation Platform 1

Innovati tive e Tec echnologic ological l Platform orm 3d.FAB Innovation Platform 1 Innovati tive e Tec echnologic ological l Platform orm First European State funded lab / platform dedicated to 3D printing in life science.

295 views • 16 slides
The Solumer Platform HIGHLIGHTS Industry VALIDATED PROPRIETARY Platform

The Solumer Platform HIGHLIGHTS Industry VALIDATED PROPRIETARY Platform

The Solumer Platform HIGHLIGHTS Industry VALIDATED PROPRIETARY Platform FAST turnaround Standardized process, CUSTOMIZABLE formulations SIMPLE & COST EFFECTIVE implementation EASY to scale up

400 views • 16 slides
TPM: Trusted Platform Module Sumeet Bajaj sbajaj@cs.stonybrook.edu 9 Feb 2011 CSE 408

TPM: Trusted Platform Module Sumeet Bajaj sbajaj@cs.stonybrook.edu 9 Feb 2011 CSE 408

TPM: Trusted Platform Module Sumeet Bajaj sbajaj@cs.stonybrook.edu 9 Feb 2011 CSE 408 Introduction verification request verification data Verifier Platform Attestation of Remote Platform Identify specific platform Verify software

626 views • 24 slides
REQUIREMENTS FOR A PLATFORM PRESENTATION A platform presentation is a 10-15 minute oral

REQUIREMENTS FOR A PLATFORM PRESENTATION A platform presentation is a 10-15 minute oral

Pediatric Residency Program Lucile Packard Childrens Hospital Stanford School of Medicine REQUIREMENTS FOR A PLATFORM PRESENTATION A platform presentation is a 10-15 minute oral presentation of an original research project or paper

73 views • 5 slides
Vertical Industry Platform (VIP) for 5G A WWRF platform addressing the challenges of IoT in 5G

Vertical Industry Platform (VIP) for 5G A WWRF platform addressing the challenges of IoT in 5G

Vertical Industry Platform (VIP) for 5G A WWRF platform addressing the challenges of IoT in 5G Dr. Ming Lei Vice Chair Wireless World Research Forum (WWRF) IEEE 5G Summit Silicon Valley, USA November 16th, 2015 Outline Opportunities

440 views • 29 slides
Power Platform: Getting Started OVERVIEW OF POWER PLATFORM Hugo Barona AZURE SOLUTION ARCHITECT

Power Platform: Getting Started OVERVIEW OF POWER PLATFORM Hugo Barona AZURE SOLUTION ARCHITECT

Power Platform: Getting Started OVERVIEW OF POWER PLATFORM Hugo Barona AZURE SOLUTION ARCHITECT @HmsBarona hugobarona.com t h s Power Platform as a service - What is Power Platform - Power Platform benefits Overview - Value of connecting:

513 views • 22 slides
INFINITY ECM PLATFORM Unique multifunctional Cloud SW platform that every World Company needs.

INFINITY ECM PLATFORM Unique multifunctional Cloud SW platform that every World Company needs.

INFINITY ECM PLATFORM Unique multifunctional Cloud SW platform that every World Company needs. About Us Unique Cloud/On-Premise platform. We provide cutting edge SW IT products for global markets . INFINITY ECM Short Info 2

276 views • 10 slides
Automated Generation of Platform-Variant Applications from Platform-Independent Models via

Automated Generation of Platform-Variant Applications from Platform-Independent Models via

Automated Generation of Platform-Variant Applications from Platform-Independent Models via Templates Nuno Amlio, Christian Glodt, Frederico Pinto, Pierre Kelsen University of Luxembourg Introduction Manual code development is expensive

243 views • 21 slides
New methods for controlling timing channels Andrew Myers Cornell University (with Danfeng

New methods for controlling timing channels Andrew Myers Cornell University (with Danfeng

New methods for controlling timing channels Andrew Myers Cornell University (with Danfeng Zhang, Aslan Askarov) Timing channels e adversary can learn (a lot) from timing measurements. Known to exist Hard to detect Hard to prevent

639 views • 40 slides
A new categorization system for side-channel attacks on mobile devices & more Veelasha

A new categorization system for side-channel attacks on mobile devices & more Veelasha

A new categorization system for side-channel attacks on mobile devices & more Veelasha Moonsamy Radboud University, The Netherlands 06 February 2017 University of Adelaide, Australia Radboud University, Nijmegen, NL 2 Digital Security

759 views • 55 slides
Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique

Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique

Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 1 / 24 Secure Multi-Execution Outline Secure Multi-Execution

622 views • 29 slides
CCC Leadership in Embedded Security Workshop 2017 Tomas Vagoun Cybersecurity R&D

CCC Leadership in Embedded Security Workshop 2017 Tomas Vagoun Cybersecurity R&D

CCC Leadership in Embedded Security Workshop 2017 Tomas Vagoun Cybersecurity R&D Coordinator Na4onal Coordina4on Office for NITRD Strategic Plan for Federal Cybersecurity R&D Federal Cybersecurity R&D Goals S&T for effec5ve

530 views • 5 slides
COMPGA11: Research in Information Security Steven Murdoch University College London based

COMPGA11: Research in Information Security Steven Murdoch University College London based

COMPGA11: Research in Information Security Steven Murdoch University College London based on a course by Tony Morton Term 2 2014/15 Course summary To develop an understanding of what research in information security is about,

460 views • 24 slides
on Precise Realtime Software Access and Control of Wired Networks Ki Suh Lee, Han Wang, Hakim

on Precise Realtime Software Access and Control of Wired Networks Ki Suh Lee, Han Wang, Hakim

Forensics in the SoNIC Project on Precise Realtime Software Access and Control of Wired Networks Ki Suh Lee, Han Wang, Hakim Weatherspoon Cornell University International Workshop on Trustworthiness, Accountability, and Forensics in the Cloud

693 views • 31 slides
Wi-Fi Advanced Stealth Laurent BUTTI and Franck VEYSSET hack.lu, Luxembourg October 19-21,

Wi-Fi Advanced Stealth Laurent BUTTI and Franck VEYSSET hack.lu, Luxembourg October 19-21,

Wi-Fi Advanced Stealth Laurent BUTTI and Franck VEYSSET hack.lu, Luxembourg October 19-21, 2006 firstname[dot]lastname[AT]francetelecom[dot]com Who Are We? Network security geeks (?) in R&D labs Working for France Telecom -

610 views • 35 slides
Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure, quipe Abstraction Mehdi Bouaziz Friday, May 11 2012 Static Analysis of Security Properties by Abstract Interpretation Mehdi Bouaziz, cole normale

839 views • 29 slides

More recommend