Breaking TrustZone Memory Isolation through Malicious Hardware on a Modern FPGA-SoC

Gross, Mathieu; Jacob, Nisha; Zankl, Andreas; Sigl, Georg

doi:10.1145/3338508.3359568

Cited by 11 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This work extends our research performed in [10]. We found out that the problem observed with the XMPUs also affects the Xilinx peripheral protection unit (XPPU).…”

Section: Introductionsupporting

confidence: 80%

“…Despite the presence of these isolation mechanisms, we have shown in our previous work [10] that DMA attacks from a HT are possible on the ZU+. We found out that a hardware accelerator connected to the accelerator coherency port (ACP) is not affected by the SMMU and that the Xilinx memory protection units (XMPUs) fail in isolating the memory of the CPU from the ACP.…”

Section: Introductionmentioning

confidence: 82%

“…In our original work [10], we show the feasibility of performing powerful DMA attacks on ARM TrustZone, despite the protection provided by this technology against DMA attacks. This work reveals that the memory isolation issue described in our original work is extended to the peripherals.…”

Section: Our Contributionmentioning

confidence: 93%

See 2 more Smart Citations

Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC

et al. 2021

Self Cite

View full text Add to dashboard Cite

FPGA-SoCs are heterogeneous embedded computing platforms consisting of reconfigurable hardware and high-performance processing units. This combination offers flexibility and good performance for the design of embedded systems. However, allowing the sharing of resources between an FPGA and an embedded CPU enables possible attacks from one system on the other. This work demonstrates that a malicious hardware block contained inside the reconfigurable logic can manipulate the memory and peripherals of the CPU. Previous works have already considered direct memory access attacks from malicious logic on platforms containing no memory isolation mechanism. In this work, such attacks are investigated on a modern platform which contains state-of-the-art memory and peripherals isolation mechanisms. We demonstrate two attacks capable of compromising a Trusted Execution Environment based on ARM TrustZone and show a new attack capable of bypassing the secure boot configuration set by a device owner via the manipulation of Battery-Backed RAM and eFuses from malicious logic.

show abstract

“…This work extends our research performed in [10]. We found out that the problem observed with the XMPUs also affects the Xilinx peripheral protection unit (XPPU).…”

Section: Introductionsupporting

confidence: 80%

Section: Introductionmentioning

confidence: 82%

See 1 more Smart Citation

Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Hardware security has been developed to guarantee the integrity of IoT devices and offer them protection against cyberattacks. It has been applied to TPM, a secure password processing standard, and to Trustzone, which sets the security boundary of the kernel and creates execution privileges [35][36] [37]. Recently, as the importance of IoT security has increased, the security solution under it has been integrated with microcontroller units (MCUs).…”

Section: A Hardware Securitymentioning

confidence: 99%

Design and Implementation of Secure Cryptographic System on Chip for Internet of Things

Lee

Kim

2022

IEEE Access

View full text Add to dashboard Cite

Due to the 4th industrial revolution and the strength of the 5 th Generation (5G) era, the Internet of Things (IoT) industry is growing significantly. As a result, the number of IoT devices in various industries, such as smart cars, smart homes, and smart healthcare, and the importance of security for these devices are increasing. This study proposes a design method for a secure cryptographic system on a chip (SecSoC) that can be used in the IoT industry and presents the results of the performance and security evaluations of the implemented chipset. The experimental results demonstrated that the SecSoC is a low-power highperformance cryptographic chip that is safe from external attacks. Compared to conventional smart card integrated circuits, the proposed design includes intrusion detection circuits that can respond to external attacks. At the same time, it supports a physical unclonable function for hiding secret data and cryptographic logic for maintaining integrity and confidentiality. The SecSoC ensured a fast transfer rate up to 110 Mbps and consumed only 95.8 mW when operating at maximum frequency.

show abstract

“…For TrustZone, it means the TEE has the highest privilege to control the REE and communicate with all peripherals. The design violates the principle of least privilege by including unnecessary peripherals and buggy peripheral drivers in the software TCB [27] and exposing the TEE to malicious peripheral inputs [38]. For SGX, it means applications in enclaves have to go through and trust the REE OS to communicate with peripherals [71], bloating the size of software TCB by including a usually monolithic REE OS kernel, e.g., 27.8M Source Lines of Code (SLOC) of the Linux kernel [23]; iii) the TEE shares a processor core with the REE in a time-sliced fashion, not only costing many CPU cycles [75], [98] for the expensive context switches between the TEE and REE but also making it vulnerable to cache side-channel attacks [25], [30], [39], [97], [99], which directly undermine TEE's security promises; iv) the software TCBs in TEEs are large, creating big attack surfaces for runtime attacks that hijack the control or data flow [17], [101].…”

Section: Introductionmentioning

confidence: 99%

BYOTee: Towards Building Your Own Trusted Execution Environments Using FPGA

Armanuzzaman¹,

Zhao²

2022

Preprint

View full text Add to dashboard Cite

In recent years, we have witnessed unprecedented growth in using hardware-assisted Trusted Execution Environments (TEE) or enclaves to protect sensitive code and data on commodity devices thanks to new hardware security features, such as Intel SGX and Arm TrustZone. Even though the proprietary TEEs bring many benefits, they have been criticized for lack of transparency, vulnerabilities, and various restrictions. For example, existing TEEs only provide a static and fixed hardware Trusted Computing Base (TCB), which cannot be customized for different applications. Existing TEEs time-share a processor core with the Rich Execution Environment (REE), making execution less efficient and vulnerable to cache sidechannel attacks. Moreover, TrustZone lacks hardware support for multiple TEEs, remote attestation, and memory encryption.In this paper, we present BYOTEE (Build Your Own Trusted Execution Environments), which is an easy-to-use infrastructure for building multiple equally secure enclaves by utilizing commodity Field Programmable Gate Arrays (FPGA) devices. BYOTEE creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand. Additionally, BYOTEE provides mechanisms to attest the integrity of the customized enclaves' hardware and software stacks, including bitstream, firmware, and the Security-Sensitive Applications (SSA) along with their inputs and outputs to remote verifiers. We implement a BYOTEE system for the Xilinx System-on-Chip (SoC) FPGA. The evaluations on the low-end Zynq-7000 system for four SSAs and 12 benchmark applications demonstrate the usage, security, effectiveness, and performance of the BYOTEE framework.

show abstract

Breaking TrustZone Memory Isolation through Malicious Hardware on a Modern FPGA-SoC

Cited by 11 publications

References 9 publications

Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC

Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC

Design and Implementation of Secure Cryptographic System on Chip for Internet of Things

BYOTee: Towards Building Your Own Trusted Execution Environments Using FPGA

Contact Info

Product

Resources

About