1 September 1, 2014

 Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 2

 Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 3

 In-the-box approach (Thing et al., 2010; Sylve et al., 2011) Vulnerable to armored malware using anti-forensics  Virtual Machine Introspection (VMI) (Yan et al., 2012) Trusted Computing Base (TCB) is large  Hardware-based solution: ( Android Debug Bridge (ADB), JTAG, Chip-off) ADB and JTAG: need the support of the forensic target Chip-off: physical damage and usually irreversible 4

 Reliable Against malicious mobile OS Withstand mobile OS crash  Small TCB  Non-invasive 5 ARM TrustZone

 TrustZone A system-wide approach Two isolated execution domains: secure domain and normal domain  TZIC (TrustZone Interrupt Controller) Secure interrupt--FIQ Non-secure interrupt--IRQ  GPIO (General Purpose I/O) 6

 Trusted Application (TA) deployed in TrustZone in the payments at point of sale (POS) (Marforio et al., NDSS’14)  Trusted Language Runtime in TrustZone (Santos et al., ASPLOS’14)  Isolate Guest OS and Hypervisor with TrustZone (Kalkowski et al., FOSDEM ’14) 7

8

 TrustDump Deployment Port Rich OS to the normal domain Install the TrustDumper in the secure domain  Reliable Switching Non-maskable interrupt (NMI)  Data Acquisition and Transmission Online and offline memory forensics 9

 Freescale i.MX53 Quick Start Board A Cortex-A8 1GHz Processor 1GB DDR3 RAM 4GB MicroSD card  Android in normal domain  Thinkpad-T430 10

 Android Porting Based on the Board Support Package published by Adeneo Embedded Intended to run in the secure domain  Access resource of secure domain in normal domain: secure I/O interfaces void secure_write(unsigned int data, unsigned int pa); unsigned int secure_read(unsigned int pa);  Self-contained TrustDumper in the secure domain 11

12

 Configure User-defined button 1 as NMI I. Enable FIQ exception: CPSR.F=0 II. Ensure CPSR.F cannot be modified by the normal domain: SCR.FW=0 III. Enforce the ARM processor to branch to the monitor mode on an FIQ exception: SCR.FIQ=1 IV. Configure GPIO-2 as secure peripheral 13

 Button 1 is for NMI in secure domain and Button 2 is used as the Home Key in normal domain 14 Disable the non-secure access to Button 1 The non-secure access to Button 2 is disabled User-defined Button 1 and 2 share the same access policy

 Set the peripherals sharing the same policy as secure peripheral  Release those peripherals needed in the normal domain by adding them into the Whitelist in secure domain  The Rich OS uses the secure I/O interfaces to access the released peripherals 15

 One interrupt number for all the 32 pins of GPIO-2  Button 2 will trigger the same NMI, instead of serving as the Home Key as designed in the Rich OS  Forward the interrupt requests of button 1 and button 2 to different domains 16

17 Button 1 Button 2

 Data Acquisition and Transmission  Integrity Checking and Rootkit Detection 18 stack pointer & (0x1FFFF)

 Switching time NMI: 1.7 us SMC: 0.3 us  Memory Dumping Performance 19 Scale (Byte)Bit rate (bit/s) DMACPU K K  Analysis time Kernel Integrity Checking: hardware (1.56 ms), software (578.6 ms) Processes Traversing: 2.13 ms

 TrustDump Reliable memory acquisition mechanism based on TrustZone Hardware-assisted isolation NMI as the reliable switching Fine-grained peripheral control and fine-grained interrupt control 20

21