boomerang exploiting the semantic gap in trusted
play

Boomerang: Exploiting the Semantic Gap in Trusted Execution - PowerPoint PPT Presentation

Dec 16, 2022 •577 likes •1.1k views

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna Sandia

  1. Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000. SANDNO. 2017-XXXXP

  2. Trusted Execution Environment (TEE) ● Hardware-isolated execution environments (e.g., ARM TrustZone) ○ Non-secure world ■ Untrusted OS and untrusted applications (UAs) (e.g., Android and apps) ○ Secure world ■ Higher privilege, can access everything ■ Trusted OS and trusted applications (TAs).

  3. ARM TrustZone NS Bit ● 0 - Secure or Trusted ● 1 - Non-secure or Non-trusted or Untrusted Picture reused from arm.com

  4. Untrusted OS ↔ Trusted OS ● Untrusted applications (UAs) request trusted applications (TAs) to perform privileged tasks. ● TAs should verify the request and perform it only if the request is valid. ○ Example: Sign the contents of a memory region ■ TA should check if the requested memory region belongs to untrusted OS before computing the signature of it.

  5. Untrusted OS ↔ Trusted OS Non-Secure World Secure World Untrusted Trusted Application (UA) Application (TA) Userspace Supervisor Trusted OS Untrusted OS

  6. Untrusted OS ↔ Trusted OS Non-Secure World Secure World Untrusted Trusted ? Application (UA) Application (TA) Userspace Supervisor Trusted OS Untrusted OS

  7. Untrusted OS ↔ Trusted OS Non-Secure World Secure World Untrusted Trusted Application (UA) Application (TA) Library Userspace Supervisor Driver Interface (ioctl) Trusted OS Untrusted OS

  8. Untrusted OS ↔ Trusted OS Non-Secure World Secure World Untrusted Trusted Application (UA) Application (TA) Library Userspace Supervisor SMC Driver Interface (ioctl) Interface Trusted OS TEE Untrusted OS

  9. Untrusted OS ↔ Trusted OS Non-Secure World Secure World Untrusted Trusted Application (UA) Application (TA) Library Userspace Supervisor Driver Interface (ioctl) Interface Trusted OS TEE Untrusted OS

  10. Untrusted OS ↔ Trusted OS Non-Secure World Secure World Untrusted Trusted Application (UA) Application (TA) Library Userspace Supervisor Driver Interface (ioctl) Interface Trusted OS TEE Untrusted OS

  11. Communication with TA ● Requests to TA can contain pointers. struct keymaster_sign_data_cmd { uint32_t data_ptr; // Pointer to the data to sign size_t dlen; // length of the data to sign }; Structure of a sign request to KeyMaster TA.

  12. Pointer translation and sanitization in untrusted OS ● Memory model could be different in untrusted and trusted OSes. ● One should use physical address for all pointer values between trusted and untrusted OSes.

  13. Pointer translation and sanitization in untrusted OS ● Sanitization: Untrusted OS should check that the UA has access to the pointer provided in the request. ● Translation: Convert the virtual address to physical address. ● We call this functionality in untrusted OS as PTRSAN .

  14. Example PTRSAN int ptr_san(void *data, size_t len, phy_t *target_phy_addr) { Sanitization if(! access_ok(VERIFY_WRITE, data, len) ) { return -EINVAL; } Translation * target_phy_addr = get_physical_address(data) ; return 0; }

  15. PTRSAN Non-Secure World Secure World Trusted Application (TA) Untrusted Application (UA) P P P P P P T T T T T T R R R R R R Userspace Supervisor PTRSAN P P P P P P T T T T T T R R R R R R Trusted OS Untrusted OS Unknown VA PA

  16. Handling untrusted pointers in trusted OS ● Check if the physical address indicated by the pointer belongs to the non-secure memory. ○ Protect trusted OS against untrusted OS ● Trusted OS (or TA) has no information about the UA which raised the request.

  17. Handling untrusted pointers in trusted OS ● Check if the physical address indicated by the pointer belongs to the non-secure memory. ○ Protect trusted OS against untrusted OS Semantic Gap ● Trusted OS (or TA) has no information about the UA which raised the request.

  18. Bypassing Sanitization Non-Secure World Secure World Trusted Application (TA) Untrusted Application (UA) P P P P P P T T T T T T R R R R R R Userspace Supervisor PTRSAN P P P P P P T T T T T T R R R R R R Trusted OS Untrusted OS Unknown VA PA

  19. Bypassing Sanitization Non-Secure World Secure World Trusted Application (TA) Untrusted Application (UA) P P P P P P P P T T T T T T T T R R R R R R R R Userspace Supervisor PTRSAN P P P P P P T T T T T T R R R R R R Trusted OS Untrusted OS Malicious Unknown VA PA

  20. Boomerang flaw Non-Secure World Secure World Trusted Application (TA) Untrusted Application (UA) P P P P P P P P T T T T T T T T R R R R R R R R Userspace Supervisor PTRSAN P P P P P P T T T T T T R R R R R R Trusted OS Untrusted OS Malicious Unknown VA PA

  21. Boomerang flaw ● Real world PTRSAN implementations are complex. ● Can we bypass the validation and make PTRSAN translate arbitrary physical address?

  22. YES!! ● We can bypass PTRSAN in all of the popular TEE implementations. TEE Name Vendor Impact Bug Details TrustedCore Huawei Arbitrary write CVE-2016-8762 QSEE Qualcomm Arbitrary write CVE-2016-5349 Trustonic As used by Samsung Arbitrary write PZ-962* No response from Sierra TEE Sierraware Arbitrary write vendor Write to other OP-TEE Linaro Github issues 13, 14 application’s memory *concurrently found by Google Project Zero (laginimaineb)

  23. How to exploit Boomerang flaws?

  24. Automatic detection of vulnerable TAs ● Goal: Find TAs which accepts pointers ● Static analysis of the TA binary: ○ Recover CFG of the TA ○ Paths from the entry point to potential sinks ○ Output the trace of Basic Block addresses

  25. Results TEE Name Number of TAs Vulnerable TAs QSEE 3 3 TrustedCore 10 6 Arbitrary kernel memory read on Qualcomm phones. ✓ Kernel code execution on Huawei P8 and P9. ✓ Demonstrated at GeekPwn. ✓ Geekpwn Grand Prize ($$$) ✓

  26. Impact ● Compromising untrusted OS == Rooting your device. ● Hundreds of millions of devices on the market today. ● Fixes yet to be released. ● Your device may be vulnerable!!!

  27. Expectation + =

  28. Reality + =

  29. How to prevent Boomerang attacks?

  30. Just fix PTRSAN? NO!! This requires to understand the semantics of current and future TAs. ● Structure of the TA request? ● Which fields within the structure are pointers?

  31. Root Cause ● Semantic Gap : Inability of the TA (or TEE) to verify whether the requested UA has access to the requested memory ● Should have a mechanism for the TA (or TEE) to verify or bridge the semantic gap.

  32. Existing Defenses ● Page Table Introspection ● Dedicated Shared Memory Region (DSMR)

  33. Page Table Introspection ● Implemented in NVIDIA Trusted Little Kernel. ● Untrusted OS sends an id (e.g., pid) of the requested app (UA) along with every request. ● TA or TEE verify the access of all untrusted pointers by referring to the requested app page table .

  34. Page Table Introspection Pros: ● Easy to implement. Cons: ● Trusted OS depends on Untrusted OS ● Increases attack surface ● Page table walking could be dangerous

  35. Dedicated Shared Memory Region (DSMR) ● Implemented in Open Platform -Trusted Execution Environment (OP-TEE). ● Dedicated memory region for communication between trusted and untrusted OS. ● UA should request access to the shared memory. ● TA or TEE verify that all untrusted pointers are within the dedicated memory region.

  36. Dedicated Shared Memory Region (DSMR) Pros: ● Simple ● Independence from Untrusted OS Cons: ● UA can interfere with other UAs via TAs (Partial Boomerang) ● Additional copying to/from shared memory ● Allocation of shared memory could become bottleneck in case of multithreaded applications. ● Some applications (integrity monitoring) are hard to implemented using DSMR.

  37. Cooperative Semantic Reconstruction (CSR) ● Novel defense proposed by us. ● Provides a channel for Trusted OS to query Untrusted OS for validation.

  38. Cooperative Semantic Reconstruction (CSR) Normal flow

  39. Cooperative Semantic Reconstruction (CSR) Normal flow

  40. Cooperative Semantic Reconstruction (CSR) Normal flow

  41. Cooperative Semantic Reconstruction (CSR) Verification flow Normal flow

  42. Cooperative Semantic Reconstruction (CSR) Verification flow Normal flow

  43. Cooperative Semantic Reconstruction (CSR) Verification flow Normal flow

  44. Cooperative Semantic Reconstruction (CSR) Verification flow Normal flow

  45. Cooperative Semantic Reconstruction (CSR) Verification flow Normal flow

  46. Implementation ● Open Platform-Trusted Execution Environment (OP-TEE) ● Easy to use ● Helpful community ● Has DSMR already implemented ● HiKey Development board (Lemaker Version)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EXPLOITING AND REMODELLING SEMANTIC RELATIONSHIPS Fran Ale lexande der, , Taxonomy Manager,

EXPLOITING AND REMODELLING SEMANTIC RELATIONSHIPS Fran Ale lexande der, , Taxonomy Manager,

TRANSFORMATION OF A LEGACY UDC- BASED CLASSIFICATION SYSTEM: EXPLOITING AND REMODELLING SEMANTIC RELATIONSHIPS Fran Ale lexande der, , Taxonomy Manager, BBC Information and Archives, London, UK Andy y Heather er, , Chief Technical

165 views • 14 slides
Personalizing Relevance on the Semantic Web through Trusted Recommendations from a Social

Personalizing Relevance on the Semantic Web through Trusted Recommendations from a Social

Personalizing Relevance on the Semantic Web through Trusted Recommendations from a Social Network Tom Heath Enrico Motta Knowledge Media Institute The Open University 12/06/2006 search results, personalised to you Personalizing Relevance

309 views • 20 slides
Check Yourself Before You Wreck Yourself Auditing and Improving the Performance of Boomerang Nic

Check Yourself Before You Wreck Yourself Auditing and Improving the Performance of Boomerang Nic

Check Yourself Before You Wreck Yourself Auditing and Improving the Performance of Boomerang Nic Jansma njansma@akamai.com @nicj Why are we here today? Boomerang: an open-source Real User Monitoring (RUM) third-party library

645 views • 41 slides
Exploiting and Expanding Corpus Resources for Frame-Semantic Parsing Nathan Schneider, CMU

Exploiting and Expanding Corpus Resources for Frame-Semantic Parsing Nathan Schneider, CMU

Exploiting and Expanding Corpus Resources for Frame-Semantic Parsing Nathan Schneider, CMU (with Chris Dyer & Noah A. Smith) April 26, 2013 IFNW13 1 FrameNet + NLP = <3 We want to develop systems that understand text

1.07k views • 85 slides
Semantic Tagging Using Topic Models Exploiting Wikipedia Category Network Nitesh Prakash, Duncan

Semantic Tagging Using Topic Models Exploiting Wikipedia Category Network Nitesh Prakash, Duncan

Semantic Tagging Using Topic Models Exploiting Wikipedia Category Network Nitesh Prakash, Duncan Rule, Boh Young Suh Introduction Goal: tag web articles with most probable Wikipedia categories - What is the article about in terms of

184 views • 15 slides
Boomerang Connectivity Table Revisited Ling Song 1,2 , Xianrui Qin 3 , Lei Hu 2 1. Nanyang

Boomerang Connectivity Table Revisited Ling Song 1,2 , Xianrui Qin 3 , Lei Hu 2 1. Nanyang

Boomerang Connectivity Table Revisited Ling Song 1,2 , Xianrui Qin 3 , Lei Hu 2 1. Nanyang Technological University, Singapore 2. Institute of Information Engineering, CAS, China 3. Shandong University, China FSE 2019 @ Paris Boomerang Attacks

483 views • 37 slides
n2Mate Exploiting social capital to create a standards-rich semantic network David Peterson

n2Mate Exploiting social capital to create a standards-rich semantic network David Peterson

Presented by Dr Renato Iannella n2Mate Exploiting social capital to create a standards-rich semantic network David Peterson BoaB interactive david@boabinteractive.com.au Anne Cregan National ICT Australia anne.cregan@nicta.com.au

416 views • 17 slides
On the Boomerang Uniformity of Cryptographic Sboxes Christina Boura and Anne Canteaut University

On the Boomerang Uniformity of Cryptographic Sboxes Christina Boura and Anne Canteaut University

On the Boomerang Uniformity of Cryptographic Sboxes Christina Boura and Anne Canteaut University of Versailles, France Inria Paris, France FSE 2019, Paris Boomerang attacks [Wagner 99] Combine differentials for two sub-ciphers: a E 0 d

634 views • 19 slides
Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web

Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web

Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web companies starting & growing Siderean, SandPiper, SiberLogic, Ontology Works, Intellidimension, Intellisophic, TopQuadrant, Data Grid, Mondeca,

481 views • 23 slides
Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA

Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA

Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA Rocquencourt & Trusted Logic 1 Outline 1. What makes strongly typed programs more secure? 2. Enforcing strong typing (bytecode verification). 3.

828 views • 45 slides
TAINTED GIFTS GIFT OR BOOMERANG? Andrew Bird and Gary Pons 5 St Andrews Hill www.5sah.co.uk

TAINTED GIFTS GIFT OR BOOMERANG? Andrew Bird and Gary Pons 5 St Andrews Hill www.5sah.co.uk

TAINTED GIFTS GIFT OR BOOMERANG? Andrew Bird and Gary Pons 5 St Andrews Hill www.5sah.co.uk October 2018 TAINTED GIFTS GIFT OR BOOMERANG? The role of Tainted Gifts in the confiscation system What is a gift? It looks

659 views • 30 slides
What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by

What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by

What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by international standards body the World Wide Web Consortium (W3C).[1] ... By encouraging the inclusion of semantic content in web pages, the

578 views • 44 slides
Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data Gerome Miklau University of Massachusetts, Amherst DIMACS Workshop on Recent Work on Di ff erential Privacy across Computer Science October 2012

1.39k views • 136 slides
Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly

Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly

SemEval 2014 Task-3 Cross-Level Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly focused on similar types of lexical items Semantic Similarity What if we have different types of inputs? CLSS:

971 views • 47 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

703 views • 48 slides
Complications Using the Boomerang Technique Elvio Bueno Garcia, MD, PhD; Augusto Gurgel, MD;

Complications Using the Boomerang Technique Elvio Bueno Garcia, MD, PhD; Augusto Gurgel, MD;

Division of Plastic and Reconstructive Surgery Federal University of So Paulo Unifesp/EPM So Paulo, Brazil How to Reduce Thighplasty Complications Using the Boomerang Technique Elvio Bueno Garcia, MD, PhD; Augusto Gurgel, MD; Natasha

340 views • 13 slides
Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel McCallum Sr. Principal Engineer Trusted Execution Environments Trusted Execution Environments Host TEE TEE is a protected area within the host,

1.05k views • 22 slides
Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic Kari Kostiainen, ETH Zurich N. Asokan, University of Helsinki and Aalto University What is a TEE? Processor, memory, storage, peripherals

1.23k views • 112 slides
! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley

599 views • 30 slides
The Origins of Silicon Valley: Why and How It Happened Paul Wesling, H-P (retired), IEEE Life

The Origins of Silicon Valley: Why and How It Happened Paul Wesling, H-P (retired), IEEE Life

The Origins of Silicon Valley: Why and How It Happened September 25, 2019 Lehigh Valley Section, IEEE at Lehigh University The Origins of Silicon Valley: Why and How It Happened Paul Wesling, H-P (retired), IEEE Life Fellow

1.08k views • 38 slides
OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File

OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File

OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File System ELC Europe 2017, 23.10.2017 Marc Kleine-Budde <mkl@pengutronix.de> Slide 1 - http://www.pengutronix.de - 2017-10-23 Overview ARM

1.06k views • 18 slides
Updates from the RISC-V TEE Group Nick Kossifidis <mick@ics.forth.gr> Security-related

Updates from the RISC-V TEE Group Nick Kossifidis <mick@ics.forth.gr> Security-related

Updates from the RISC-V TEE Group Nick Kossifidis <mick@ics.forth.gr> Security-related RISC-V Task Groups 2 About the TEE Task Group One of the most popular groups (112 registered members) Regular conference calls / mailing list

675 views • 13 slides
Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel Busch , Kalle Dirsch 2020-02-23 Friedrich-Alexander-University Erlangen-Nrnberg, Germany BAR20 BAR20 Motivation How secure are

352 views • 16 slides
Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August 11, 2020 Marcel Busch , Johannes Westphal, Tilo Mller Friedrich-Alexander-University Erlangen-Nrnberg, Germany Motivation TEEs are the backbone

696 views • 35 slides

More recommend