SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems

Hundreds of millions of mobile devices worldwide rely on Trusted Execution Environments (TEEs) built with Arm TrustZone for the protection of security-critical applications (e.g., DRM) and operating system (OS) components (e.g., Android keystore). TEEs are often assumed to be highly secure; however, over the past years, TEEs have been successfully attacked multiple times, with highly damaging impact across various platforms. Unfortunately, these attacks have been made possible by the presence of security flaws in TEE systems. In this paper, we aim to understand which types of vulnerabilities and limitations affect existing TrustZone-assisted TEE systems, what the main challenges to building them correctly are, and what contributions can be borrowed from the research community to overcome them. To this end, we present a security analysis of popular TrustZone-assisted TEE systems (targeting Cortex-A processors) developed by Qualcomm, Trustonic, Huawei, Nvidia, and Linaro. By studying publicly documented exploits and vulnerabilities as well as by reverse engineering the TEE firmware, we identified several critical vulnerabilities across existing systems, which makes it legitimate to raise reasonable concerns about the security of commercial TEE implementations.
