Understanding the Security of ARM Debugging Features

Ning, Zhenyu; Zhang, Fengwei

doi:10.1109/sp.2019.00061

Cited by 30 publications

(40 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Both Arm TrustZone and Intel SGX security technologies use trust-based security. Being a passive defence method, it does not provide run-time respond and recover functions and found ineffective against wide-range of vulnerabilities and attacks specifically targeting run-time TEE and microarchitecture [6], [7], [12], [13], [16], [19], [20], [21], [22]. 2 Information Flow Tracking is an active defence method that provides run-time security against malicious attacks and software malfunction.…”

Section: Secure-by-design and Security Methodsmentioning

confidence: 99%

“…This includes the realisation of mix-critical applications, broader network connectivity, a need for code/data protection, isolation and segregation of resources leading to wider availability of embedded multiprocessing [6], [7], [9]. Where these computing platform advancements brought benefits, they have exposed platforms to wide-range security challenges due to increased system attack surface and micro-architecture vulnerabilities [12], [16], [17], [18], [19], [20], [21], [22].…”

Section: Evolution Of Embedded Platform Securitymentioning

confidence: 99%

“…This important secure software code is developed by the software/application developers, thus prone to human errors/bugs leading to vulnerabilities [7], [13] and microarchitectural side-channel leakage attacks e.g. Spectre [17], BOOMERANG [21], Nailgun [22].…”

Section: B Arm Trustzone Technologymentioning

confidence: 99%

“…Hex-FIVE MultiZone security technology introduces security through separation to approach security vulnerabilities [7], [13], [22] caused due to integration of untrusted third-party software (libraries, APIs, drivers) into TEE. It builds security boundaries by creating a policy-based security environment for the processor.…”

Section: Hex-five Multizone Securitymentioning

confidence: 99%

See 3 more Smart Citations

Evolution of Embedded Platform Security Technologies: Past, Present & Future Challenges

Siddiqui

Sezer

2020

2020 IEEE 33rd International System-on-Chip Conference (SOCC)

View full text Add to dashboard Cite

In recent years, the proliferation of intelligent embedded technologies is opening venues to new service and computing models, providing diverse socio-economic benefits. These intelligent technologies are giving rise to a wide range of public and private applications by sharing and analysing generated data. This includes smart home, smart health, smart city, autonomous vehicles, smart grid and smart manufacturing etc. However, where this sharing of data brings benefits and opportunities, it simultaneously presents security risks and challenges. The realisation and prototyping of such technologies require a computing hardware widely available in the form of an embedded platform. The security perimeter and the attack surface of these platforms rely on their supported security and defence mechanisms. This paper aims to build a body-of-knowledge in this area for the security research community. It present the state-of-theart security frameworks and architectures, discuss architectural shortcomings and root-causes of leading security technologies rather than discussing vulnerabilities and attacks. The paper concludes advocating secure-by-design platform approach and classifying platform security methods to realise robust embedded platform security architecture.

show abstract

Section: Secure-by-design and Security Methodsmentioning

confidence: 99%

Section: Evolution Of Embedded Platform Securitymentioning

confidence: 99%

Section: B Arm Trustzone Technologymentioning

confidence: 99%

Section: Hex-five Multizone Securitymentioning

confidence: 99%

See 2 more Smart Citations

Evolution of Embedded Platform Security Technologies: Past, Present & Future Challenges

Siddiqui

Sezer

2020

2020 IEEE 33rd International System-on-Chip Conference (SOCC)

View full text Add to dashboard Cite

show abstract

“…The executed program is also coded and stored in firmware; thus, it can be blocked by malicious BIOS tampering or bootkits [50]. Furthermore, if the local hardware or hypervisor RoTs are under attack, then the base of chain might be compromised [51], leading to verification errors. Another factor is flexibility: to ensure trustworthiness, users have fewer interfaces for accessing the trust base.…”

Section: A Trust Chain-based Verificationmentioning

confidence: 99%

RAitc: Securely Auditing the Remotely Executed Applications

2020

View full text Add to dashboard Cite

One of the most important security challenges in remote computing (e.g., cloud computing) is protecting users' applications running on the service platform from malicious attacks. Because remote users have little control over the platform, a malicious platform manager or platform-sharing guest acting as an adversary can easily create an untrustworthy execution environment. Prior studies have leveraged trusted third party (TTP)-based and trusted execution environment (TEE)-based approaches to mitigate such security issues, but these approaches still provide little transparency from the user's perspective. To address this challenge, we present a remote auditing approach based on an identified trust chain (RAitc) to analyze the correctness of remotely loaded applications. The chain is constructed with two goals: the first is to identify the remote platform to ensure that the user has a designated service system; the second is to build a trust chain from the user to the designated platform via verifiable computing-based module measurements and kernel-based application auditing. RAitc achieves a higher guarantee of safety in securely monitoring and verifying the integrity of remote applications executed by users. In addition, RAitc is both easier and more flexible for the extension of the trust base. Our implementation of RAitc protects users' remote execution environments while requiring an acceptable overhead on the target system in application auditing. We rigorously and comprehensively evaluated the effectiveness and performance of RAitc. The results show that RAitc performs effectively and has acceptable resource consumption.

show abstract