Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Environments

The traditional usage of ARM TrustZone has difficulty on solving the conflicts between the manufacturers that want to minimize the trusted computing base by constraining the installation of third-party applications in the secure world and the third-party application developers who prefer to have the freedom of installing their applications into the secure world. To address this issue, researchers propose to create Isolated Execution Environments (called IEEs) in the normal world to protect the security-sensitive applications. In this paper, we perform a systematic study on the IEE data protection models and the ARM cache attributes, and discover three cache-based attacks called CITM that can be leveraged to manipulate the sensitive data protected in IEEs. Specifically, due to the inefficient and incoherent security measures on the cache that maps to the IEE memory (i.e., memory designated for IEEs), attackers in the normal world may compromise the security of IEE data by manipulating the IEE memory during concurrent execution, bypassing the security measures enforced when a security-sensitive application is suspended or finished, or misusing the incomplete security measures during IEE's context switching processes. We conduct case studies of CITM attacks on three well-known IEE systems including SANCTUARY, Ginseng, and TrustICE to illustrate the feasibility to exploit them on real hardware testbeds. Finally, we analyze the root causes of the CITM attacks and propose a countermeasure to defeat them. The experimental results show that our defense scheme has a small overhead.

[1]  Jinsoo Jang,et al.  PrivateZone: Providing a Private Execution Environment Using ARM TrustZone , 2018, IEEE Transactions on Dependable and Secure Computing.

[2]  Rui Chang,et al.  MIPE: a practical memory integrity protection method in a trusted execution environment , 2017, Cluster Computing.

[3]  Ning Zhang,et al.  CaSE: Cache-Assisted Secure Execution on ARM Processors , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[4]  Lin Zhong,et al.  Ginseng: Keeping Secrets in Registers When You Distrust the Operating System , 2019, NDSS.

[5]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[6]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[7]  David Seal,et al.  ARM Architecture Reference Manual , 2001 .

[8]  James Newsome,et al.  MiniBox: A Two-Way Sandbox for x86 Native Code , 2014, USENIX ATC.

[9]  Stefan Mangard,et al.  ARMageddon: Cache Attacks on Mobile Devices , 2015, USENIX Security Symposium.

[10]  Ning Zhang,et al.  CacheKit: Evading Memory Introspection Using Cache Incoherence , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[11]  Yunheung Paek,et al.  Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices , 2016, USENIX Annual Technical Conference.

[12]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[13]  Yuewu Wang,et al.  TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens , 2015, CCS.

[14]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[15]  Trent Jaeger,et al.  Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture , 2014, ArXiv.

[16]  Haibo Chen,et al.  CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization , 2011, SOSP.

[17]  Andrew Ferraiuolo,et al.  Komodo: Using verification to disentangle secure-enclave hardware from software , 2017, SOSP.

[18]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[19]  T. Alves,et al.  TrustZone : Integrated Hardware and Software Security , 2004 .

[20]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[21]  Frank Piessens,et al.  Ariadne: A Minimal Approach to State Continuity , 2016, USENIX Security Symposium.

[22]  Julian Vetter,et al.  The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture , 2016, ICICS.

[23]  Ardalan Amiri Sani,et al.  The Case for a Virtualization-Based Trusted Execution Environment in Mobile Devices , 2018, APSys.

[24]  Andrew N. Sloss,et al.  ARM System Developer's Guide: Designing and Optimizing System Software , 2004 .

[25]  Wenzhi Chen,et al.  Protecting In-memory Data Cache with Secure Enclaves in Untrusted Cloud , 2017, CSS.

[26]  Yubin Xia,et al.  vTZ: Virtualizing ARM TrustZone , 2017, USENIX Security Symposium.

[27]  Alec Wolman,et al.  Using ARM trustzone to build a trusted language runtime for mobile applications , 2014, ASPLOS.

[28]  Zhi Wang,et al.  HyperSentry: enabling stealthy in-context measurement of hypervisor integrity , 2010, CCS '10.

[29]  Ahmad-Reza Sadeghi,et al.  SANCTUARY: ARMing TrustZone with User-space Enclaves , 2019, NDSS.

[30]  Xuxian Jiang,et al.  Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing , 2008, RAID.

[31]  Quan Chen,et al.  Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World , 2014, CCS.

[32]  Brent Byunghoon Kang,et al.  SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment , 2015, NDSS.

[33]  Emmett Witchel,et al.  InkTag: secure applications on an untrusted operating system , 2013, ASPLOS '13.

[34]  Donguk Kim,et al.  Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone , 2018, ACSAC.

[35]  Yuewu Wang,et al.  TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[36]  Jinsoo Jang,et al.  Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection , 2020, IEEE Transactions on Dependable and Secure Computing.

[37]  Wei Feng,et al.  SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE , 2019, CCS.

[38]  Roberto Guanciale,et al.  Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[39]  Ning Zhang,et al.  TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices , 2016, IACR Cryptol. ePrint Arch..

[40]  Trent Jaeger,et al.  TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone , 2017, MobiSys.

[41]  Yunheung Paek,et al.  PrOS: Light-Weight Privatized Se cure OSes in ARM TrustZone , 2020, IEEE Transactions on Mobile Computing.

[42]  Kun Sun,et al.  OCRAM-Assisted Sensitive Data Protection on ARM-Based Platform , 2019, ESORICS.

[43]  Pedro Fonseca,et al.  SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[44]  Xiaoxin Chen,et al.  Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems , 2008, ASPLOS.

[45]  Johannes Götzfried,et al.  Cache Attacks on Intel SGX , 2017, EUROSEC.

[46]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[47]  Yubin Xia,et al.  TEEv: virtualizing trusted execution environments on mobile platforms , 2019, VEE.

[48]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.