On the Cost-Effectiveness of TrustZone Defense on ARM Platform

In recent years, research efforts have been made to develop safe and secure environments for ARM platform. The ARMv8 architecture brought in security features by design. However, there are still some security problems with ARM. For example, on ARM platform, there are risks that the system is vulnerable to cache-based attacks like sidechannel attacks. The success of such attacks highly depends on accurate information about the victim’s cache accesses. Cortex-M series, on the other hand, have some design so that the side-channel attack can be prevented, but it also needs a security design to ensure the security of the users’ privacy data. In this paper, we focus on TrustZone based approach to defend against cache-based attack on Cortex-A and Cortex-M series chips. Our experimental evaluation and theoretical analysis show the effectiveness and efficiency of FLUSH operations when entering and leaving TrustZone, which helps in design defense framework based on our research.

[1]  Marcus Peinado,et al.  T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs , 2017, NDSS.

[2]  Dawn Xiaodong Song,et al.  Keystone: A Framework for Architecting TEEs , 2019, ArXiv.

[3]  Pengcheng Zhang,et al.  KPaM: A Key Protection Framework for Mobile Devices Based on Two-party Computation , 2019, 2019 IEEE Symposium on Computers and Communications (ISCC).

[4]  Ruby B. Lee,et al.  New cache designs for thwarting software cache-based side channel attacks , 2007, ISCA '07.

[5]  Bart Coppens,et al.  Compiler mitigations for time attacks on modern x86 processors , 2012, TACO.

[6]  Gorka Irazoqui Apecechea,et al.  A Faster and More Realistic Flush+Reload Attack on AES , 2015, COSADE.

[7]  Ruby B. Lee,et al.  A novel cache architecture with enhanced performance and security , 2008, 2008 41st IEEE/ACM International Symposium on Microarchitecture.

[8]  Jean-Pierre Seifert,et al.  Software mitigations to hedge AES against cache-based software side channel vulnerabilities , 2006, IACR Cryptol. ePrint Arch..

[9]  Gorka Irazoqui Apecechea,et al.  Wait a Minute! A fast, Cross-VM Attack on AES , 2014, RAID.

[10]  Per Larsen,et al.  Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity , 2015, NDSS.

[11]  Dan Page,et al.  Partitioned Cache Architecture as a Side-Channel Defence Mechanism , 2005, IACR Cryptology ePrint Archive.

[12]  Valerio Schiavoni,et al.  On The Performance of ARM TrustZone , 2019, ArXiv.

[13]  Zhenyu Wu,et al.  Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud , 2015, IEEE/ACM Transactions on Networking.

[14]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[15]  Ruby B. Lee,et al.  Random Fill Cache Architecture , 2014, 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture.

[16]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[17]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[18]  Gorka Irazoqui Apecechea,et al.  S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES , 2015, 2015 IEEE Symposium on Security and Privacy.