CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG - - PowerPoint PPT Presentation

case cache assisted secure execution on arm processors
SMART_READER_LITE
LIVE PREVIEW

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG - - PowerPoint PPT Presentation

May 02, 2023 38 likes •251 views

CaSE: Cache-Assisted Secure Execution on ARM Processors N1 N1NG NG ZHA ZHANG , KUN SUN, WENJING LOU, TOM HOU Talk Outline Motivation and Background Why this work ? Threat Model What are we defending against ? CaSE:

slide-1
SLIDE 1

CaSE: Cache-Assisted Secure Execution on ARM Processors

N1 N1NG NG ZHA ZHANG, KUN SUN, WENJING LOU, TOM HOU

slide-2
SLIDE 2

Talk Outline

üMotivation and Background – Why this work ? üThreat Model – What are we defending against ? üCaSE: Cache-Assisted Secure Execution – How does it work? üCaSE highlight – Challenges ? üEvaluation – How did we do ? üConclusion and future Work

slide-3
SLIDE 3

Threat to Mobile devices

slide-4
SLIDE 4

ARM TrustZone – Trusted Execution Environment (TEE)

System Wide Protection

üDivides system resources into two worlds üNormal World runs the content rich OS üSecure World runs security critical services üThe protection of resources includes

  • processor, memory and IO devices

Normal World Secure World

slide-5
SLIDE 5

Many Products use ARM TrustZone

slide-6
SLIDE 6

Smart Devices Going Mo

Mobile

slide-7
SLIDE 7

Hardware Attacks - Cold Boot Attack

slide-8
SLIDE 8

Previous Works on Coldboot Defense

TRESOR Sec 2011 – Register-based RAM-less AES encryption Copker NDSS 2014 – Cache-based RAM-less RSA encryption PixelVault CCS 2014 – GPU based RAM-less encryption Sentry ASPLOS 2015 – Cache-based RAM-less encryption Mimosa S&P 2015 – Transactional-based RAM-less encryption

slide-9
SLIDE 9

Multi-vector Adversary

slide-10
SLIDE 10

Introducing CaSE - Goals

üDefense against Multi-Vector adversary

üPhysical memory disclosure attack – Cold boot üCompromised rich OS

üProvide confidentiality and integrity to both the code and data of the binaries in TEE

üConfidentiality – Protects IP, secret code, sensitive data üIntegrity – Program behavior

slide-11
SLIDE 11

System On Chip (SoC)

Threat Model

DRAM

Secure Cache NonSecure Normal World Memory Secure Memory Secure OS NonSecure Rich OS NonSecure Cache Processor Cache

slide-12
SLIDE 12

Case-Assisted Execution in Secure World

System On Chip (SoC) DRAM

NonSecure Normal World Memory Secure Memory Secure OS NonSecure Rich OS Processor Cache

Secure storage Packer

0101010110101101 1101 1001 1101 0101 0101010110101101

Context

slide-13
SLIDE 13

Case-Assisted Execution in Normal World

System On Chip (SoC) DRAM

Secure Memory NonSecure Normal World Memory NonSecure OS Secure Rich OS Processor Cache

Secure storage Packer

0101010110101101 1101 1001 1101 0101

Context

0101010110101101 1101 0101010110101101011010100 0101 1101 0101010110101101011010100 0101

CaSE Manager

slide-14
SLIDE 14

Controlling the Cache

üCache Locking is available through L2 cache lockdown CP15 coprocessor üThe granularity of locking is per cache way üOn Cortex-A8, which has 8 way total 256KB L2 unified cache

slide-15
SLIDE 15

SoC-Bound Execution – Cache Locking

slide-16
SLIDE 16

Self Modifying Program

System On Chip (SoC)

L1 Instruction Cache L1 Data Cache L2 Unified Cache

slide-17
SLIDE 17

Self Modifying Program

System On Chip (SoC)

L1 Instruction Cache L1 Data Cache L2 Unified Cache

slide-18
SLIDE 18

Feasibility of using Cache as Memory

slide-19
SLIDE 19

Performance Impact to the Application

slide-20
SLIDE 20

Performance Impact to the System

slide-21
SLIDE 21

Conclusion

üA secure cache-assisted SoC-bound execution framework

üProvide confidentiality and integrity to sensitive code and data of applications üProtect against both software attacks and cold boot attack.

üIn the future, we would like to further study efficient method to provide OS support to the TEE.