13,120 research outputs found
TrustZone based attestation in secure runtime verification for embedded systems
Dissertação de mestrado integrado em Engenharia InformáticaARM TrustZone é um “Ambiente de Execução Confiável” disponibilizado em processadores da ARM, que
equipam grande parte dos sistemas embebidos. Este mecanismo permite assegurar que componentes
crĂticos de uma aplicação executem num ambiente que garante a confidencialidade dos dados e integridade
do cĂłdigo, mesmo que componentes maliciosos estejam instalados no mesmo dispositivo. Neste projecto
pretende-se tirar partido do TrustZone no contexto de uma framework segura de monitorização em tempo
real de sistemas embebidos. Especificamente, pretende-se recorrer a components como o ARM Trusted
Firmware, responsável pelo processo de secure boot em sistemas ARM, para desenvolver um mecanismo
de atestação que providencie garantias de computação segura a entidades remotas.ARM TrustZone is a security extension present on ARM processors that enables the development of hardware
based Trusted Execution Environments (TEEs). This mechanism allows the critical components of an
application to execute in an environment that guarantees data confidentiality and code integrity, even when a
malicious agent is installed on the device. This projects aims to harness TrustZone in the context of a secure
runtime verification framework for embedded devices. Specifically, it aims to harness existing components,
namely ARM Trusted Firmware, responsible for the secure boot process of ARM devices, to implement an
attestation mechanism that provides proof of secure computation to remote parties.This work has been partially supported by the Portuguese Foundation for Science and
Technology (FCT), project REASSURE (PTDC/EEI-COM/28550/2017), co-financed by
the European Regional Development Fund (FEDER), through the North Regional Operational Program (NORTE 2020)
CapablePtrs: Securely Compiling Partial Programs using the Pointers-as-Capabilities Principle
Capability machines such as CHERI provide memory capabilities that can be
used by compilers to provide security benefits for compiled code (e.g., memory
safety). The C to CHERI compiler, for example, achieves memory safety by
following a principle called "pointers as capabilities" (PAC). Informally, PAC
says that a compiler should represent a source language pointer as a machine
code capability. But the security properties of PAC compilers are not yet well
understood. We show that memory safety is only one aspect, and that PAC
compilers can provide significant additional security guarantees for partial
programs: the compiler can provide guarantees for a compilation unit, even if
that compilation unit is later linked to attacker-controlled machine code. This
paper is the first to study the security of PAC compilers for partial programs
formally. We prove for a model of such a compiler that it is fully abstract.
The proof uses a novel proof technique (dubbed TrICL, read trickle), which is
of broad interest because it reuses and extends the compiler correctness
relation in a natural way, as we demonstrate. We implement our compiler on top
of the CHERI platform and show that it can compile legacy C code with minimal
code changes. We provide performance benchmarks that show how performance
overhead is proportional to the number of cross-compilation-unit function
calls
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone
The rapid evolution of Internet-of-Things (IoT) technologies has led to an
emerging need to make it smarter. A variety of applications now run
simultaneously on an ARM-based processor. For example, devices on the edge of
the Internet are provided with higher horsepower to be entrusted with storing,
processing and analyzing data collected from IoT devices. This significantly
improves efficiency and reduces the amount of data that needs to be transported
to the cloud for data processing, analysis and storage. However, commodity OSes
are prone to compromise. Once they are exploited, attackers can access the data
on these devices. Since the data stored and processed on the devices can be
sensitive, left untackled, this is particularly disconcerting.
In this paper, we propose a new system, TrustShadow that shields legacy
applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone
technology and partitions resources into the secure and normal worlds. In the
secure world, TrustShadow constructs a trusted execution environment for
security-critical applications. This trusted environment is maintained by a
lightweight runtime system that coordinates the communication between
applications and the ordinary OS running in the normal world. The runtime
system does not provide system services itself. Rather, it forwards requests
for system services to the ordinary OS, and verifies the correctness of the
responses. To demonstrate the efficiency of this design, we prototyped
TrustShadow on a real chip board with ARM TrustZone support, and evaluated its
performance using both microbenchmarks and real-world applications. We showed
TrustShadow introduces only negligible overhead to real-world applications.Comment: MobiSys 201
Policy based runtime verification of information flow.
Standard security mechanism such as Access control, Firewall and Encryption only focus on controlling the release of information but no limitations are placed on controlling the propagation of that confidential information. The principle problem of controlling sensitive information confidentiality starts after access is granted. The research described in this thesis belongs to the constructive research field where the constructive refers to knowledge contributions being developed as a new framework, theory, model or algorithm. The methodology of the proposed approach is made up of eight work packages. One addresses the research background and the research project requirements. Six are scientific research work packages. The last work package concentrates on the thesis writing up. There is currently no monitoring mechanism for controlling information flow during runtime that support behaviour configurability and User interaction. Configurability is an important requirement because what is considered to be secure today can be insecure tomorrow. The interaction with users is very important in flexible and reliable security monitoring mechanism because different users may have different security requirements. The interaction with monitoring mechanism enables the user to change program behaviours or modify the way that information flows while the program is executing. One of the motivations for this research is the information flow policy in the hand of the end user. The main objective of this research is to develop a usable security mechanism for controlling information flow within a software application during runtime. Usable security refers to enabling users to manage their systems security without defining elaborate security rules before starting the application. Our aim is to provide usable security that enables users to manage their systems' security without defining elaborate security rules before starting the application. Security will be achieved by an interactive process in which our framework will query the user for security requirements for specific pieces of information that are made available to the software and then continue to enforce these requirements on the application using a novel runtime verification technique for tracing information flow. The main achievement of this research is a usable security mechanism for controlling information flow within a software application during runtime. Security will be achieved by an interactive process to enforce user requirements on the application using runtime verification technique for tracing information flow. The contributions are as following. Runtime Monitoring: The proposed runtime monitoring mechanism ensures that the program execution is contains only legal flows that are defined in the information flow policy or approved by the user. Runtime Management: The behaviour of a program that about to leak confidential information will be altered by the monitor according to the user decision. User interaction control: The achieved user interaction with the monitoring mechanism during runtime enable users to change the program behaviours while the program is executing.Libyan Embass
Bootbandit: A macOS Bootloader Attack
Full disk encryption (FDE) is used to protect a computer system against data theft by physical access. If a laptop or hard disk drive protected with FDE is stolen or lost, the data remains unreadable without the encryption key. To foil this defense, an intruder can gain physical access to a computer system in a so-called “evil maid” attack, install malware in the boot (pre-operating system) environment, and use the malware to intercept the victim’s password. Such an attack relies on the fact that the system is in a vulnerable state before booting into the operating system. In this paper, we discuss an evil maid type of attack, in which the victim’s password is stolen in the boot environment, passed to the macOS user environment, and then exfiltrated from the system to the attacker’s remote command and control server. On a macOS system, this attack has additional implications due to “password forwarding” technology, in which users’ account passwords also serve as FDE passwords
- …