Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 September 1, 2014.  Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 2.

Published byMariana Simmons Modified over 9 years ago

Similar presentations

Presentation on theme: "1 September 1, 2014.  Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 2."— Presentation transcript:

1 1 September 1, 2014

2  Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 2

3  Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 3

4  In-the-box approach (Thing et al., 2010; Sylve et al., 2011) Vulnerable to armored malware using anti-forensics  Virtual Machine Introspection (VMI) (Yan et al., 2012) Trusted Computing Base (TCB) is large  Hardware-based solution: ( Android Debug Bridge (ADB), JTAG, Chip-off) ADB and JTAG: need the support of the forensic target Chip-off: physical damage and usually irreversible 4

5  Reliable Against malicious mobile OS Withstand mobile OS crash  Small TCB  Non-invasive 5 ARM TrustZone

6  TrustZone A system-wide approach Two isolated execution domains: secure domain and normal domain  TZIC (TrustZone Interrupt Controller) Secure interrupt--FIQ Non-secure interrupt--IRQ  GPIO (General Purpose I/O) 6

7  Trusted Application (TA) deployed in TrustZone in the payments at point of sale (POS) (Marforio et al., NDSS’14)  Trusted Language Runtime in TrustZone (Santos et al., ASPLOS’14)  Isolate Guest OS and Hypervisor with TrustZone (Kalkowski et al., FOSDEM ’14) 7

8 8

9  TrustDump Deployment Port Rich OS to the normal domain Install the TrustDumper in the secure domain  Reliable Switching Non-maskable interrupt (NMI)  Data Acquisition and Transmission Online and offline memory forensics 9

10  Freescale i.MX53 Quick Start Board A Cortex-A8 1GHz Processor 1GB DDR3 RAM 4GB MicroSD card  Android 2.3.4 in normal domain  Thinkpad-T430 10

11  Android Porting Based on the Board Support Package published by Adeneo Embedded Intended to run in the secure domain  Access resource of secure domain in normal domain: secure I/O interfaces void secure_write(unsigned int data, unsigned int pa); unsigned int secure_read(unsigned int pa);  Self-contained TrustDumper in the secure domain 11

12 12

13  Configure User-defined button 1 as NMI I. Enable FIQ exception: CPSR.F=0 II. Ensure CPSR.F cannot be modified by the normal domain: SCR.FW=0 III. Enforce the ARM processor to branch to the monitor mode on an FIQ exception: SCR.FIQ=1 IV. Configure GPIO-2 as secure peripheral 13

14  Button 1 is for NMI in secure domain and Button 2 is used as the Home Key in normal domain 14 Disable the non-secure access to Button 1 The non-secure access to Button 2 is disabled User-defined Button 1 and 2 share the same access policy

15  Set the peripherals sharing the same policy as secure peripheral  Release those peripherals needed in the normal domain by adding them into the Whitelist in secure domain  The Rich OS uses the secure I/O interfaces to access the released peripherals 15

16  One interrupt number for all the 32 pins of GPIO-2  Button 2 will trigger the same NMI, instead of serving as the Home Key as designed in the Rich OS  Forward the interrupt requests of button 1 and button 2 to different domains 16

17 17 Button 1 Button 2

18  Data Acquisition and Transmission  Integrity Checking and Rootkit Detection 18 stack pointer & (0x1FFFF)

19  Switching time NMI: 1.7 us SMC: 0.3 us  Memory Dumping Performance 19 Scale (Byte)Bit rate (bit/s) DMACPU 1092178.1292178.49 10092163.3892165.45 1K92163.0192163.43 10K92163.0992163.11  Analysis time Kernel Integrity Checking: hardware (1.56 ms), software (578.6 ms) Processes Traversing: 2.13 ms

20  TrustDump Reliable memory acquisition mechanism based on TrustZone Hardware-assisted isolation NMI as the reliable switching Fine-grained peripheral control and fine-grained interrupt control 20

21 hsun01@wm.edu 21

Download ppt "1 September 1, 2014.  Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 2."

Similar presentations

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
purpose Search : automation methods for device driver development in IP-based embedded systems in order to achieve high reliability, productivity, reusability.

purpose Search : automation methods for device driver development in IP-based embedded systems in order to achieve high reliability, productivity, reusability.
Embedded System Lab. What is an embedded systems? An embedded system is a computer system designed for specific control functions within a larger system,

Embedded System Lab. What is an embedded systems? An embedded system is a computer system designed for specific control functions within a larger system,
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.

Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.

1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.
An Out-of-the-Box Approach to High Assurance Computer System Monitoring and Integrity Protection Cyber Defense Conference, Rome, NY, May 12-14, 2008 Assistant.

An Out-of-the-Box Approach to High Assurance Computer System Monitoring and Integrity Protection Cyber Defense Conference, Rome, NY, May 12-14, 2008 Assistant.
@ NCSU Zhi NCSU Xuxian Microsoft Research Weidong Microsoft NCSU Peng NCSU ACM CCS’09.

@ NCSU Zhi NCSU Xuxian Microsoft Research Weidong Microsoft NCSU Peng NCSU ACM CCS’09.
1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.

1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.
Operating System Support for Virtual Machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.

Operating System Support for Virtual Machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.
Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.

Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.
Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.

Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.
Android Security GROUP MAY 1208 Alex Frisvold Alex Meyer Nazmus Sakib Eric Van Buren.

Android Security GROUP MAY 1208 Alex Frisvold Alex Meyer Nazmus Sakib Eric Van Buren.
Senior Design May 12-08 AbstractDesign Alex Frisvold Alex Meyer Nazmus Sakib Eric Van Buren Our project is to develop a working emulator for an Android.

Senior Design May AbstractDesign Alex Frisvold Alex Meyer Nazmus Sakib Eric Van Buren Our project is to develop a working emulator for an Android.
Building Trusted Path on Untrusted Device Drivers for Mobile Devices

Building Trusted Path on Untrusted Device Drivers for Mobile Devices

Similar presentations

Ads by Google