ReZone: disarming TrustZone with TEE privilege reduction
In TrustZone-assisted TEEs, the trusted OS has unrestricted access to both secure and normal world memory. Unfortunately, this architectural limitation has opened an avenue of exploration for attackers, who have demonstrated how to leverage a chain of exploits to hijack the trusted OS and gain full control of the system, targeting (i) the rich execution environment (REE), (ii) all trusted applications (TAs), and (iii) the secure monitor. In this paper, we propose REZONE. The main novelty of the REZONE design lies in leveraging TrustZone-agnostic hardware primitives available on commercial off-the-shelf (COTS) platforms to restrict the privileges of the trusted OS. With REZONE, a monolithic TEE is restructured and partitioned into multiple sandboxed domains named zones, which have access only to their own private resources. We have fully implemented REZONE for the i.MX 8MQuad EVK and integrated it with Android OS and OP-TEE. We extensively evaluated REZONE using microbenchmarks and real-world applications. REZONE can sustain popular applications like DRM-protected video encoding with acceptable performance overheads. We have surveyed 80 CVE vulnerability reports and estimate that REZONE could mitigate 86.84% of them.
We thank our shepherd Aastha Mehta and the anonymous reviewers for their comments and suggestions. This work was supported by national funds through Centro ALGORITMI / Universidade do Minho, Instituto Superior Técnico / Universidade de Lisboa, and FCT under projects UIDB/50021/2020 and UIDB/00319/2020. David Cerdeira was supported by FCT grant SFRH/BD/146231/2019.
Operating systems for Internet of Things low-end devices: analysis and benchmarking
In the era of the Internet of Things (IoT), billions of wirelessly connected embedded devices have rapidly become part of our daily lives. As a key tool for each Internet-enabled object, embedded operating systems (OSes) provide a set of services and abstractions that ease development and speed up the deployment of IoT solutions at scale. This article starts by discussing the requirements of an IoT-enabled OS, taking into consideration the major concerns when developing solutions at the network edge, followed by a deep comparative analysis and benchmarking of Contiki-NG, RIOT, and Zephyr. These OSes were chosen as the best representatives of their class with respect to the key points that best define an OS for resource-constrained IoT devices: low power consumption, real-time capabilities, security awareness, interoperability, and connectivity. When each OS was evaluated under different network conditions, the gathered results revealed distinct behaviors for each OS feature, mainly due to differences in kernel and network stack implementations.
This work has been supported by national funds through FCT - Fundação para a Ciência e a Tecnologia within the Project Scope: UID/CEC/00319/2019.
Providing trusted execution environments using FPGA
Trusted Execution Environments (TEEs) drastically reduce the trusted computing base (TCB) of a system by providing a secure execution environment for security-critical applications that is isolated from the operating system or the hypervisor. TEEs are often assumed to be highly secure; however, over the last few years, TEEs have been proven weak, as both TEEs built upon security-oriented hardware extensions (e.g., Arm TrustZone and Intel SGX) and TEEs resorting to dedicated secure elements have been exploited multiple times. In this paper, we propose a novel TEE design, named Trusted Execution Environments On-Demand (TEEOD), which leverages the reconfigurable logic of FPGA-SoCs to dynamically provide secure execution environments for security-critical applications. Unlike other TEE designs, ours can provide high-bandwidth connections and physical on-chip isolation while offering configurable hardware and software TCBs. We implemented a proof-of-concept (PoC) targeting an Ultra96-V2 platform. The conducted evaluation demonstrated that TEEOD can host up to 6 simultaneous enclaves with a resource usage per enclave of 7.0%, 3.8%, and 15.3% of the total LUTs, FFs, and BRAMs, respectively.
Bao-Enclave: virtualization-based Enclaves for Arm
General-purpose operating systems (GPOS), such as Linux, encompass several million lines of code. Statistically, a larger code base inevitably leads to a higher number of potential vulnerabilities and, inherently, a more vulnerable system. To minimize the impact of vulnerabilities in a GPOS, it has become common to implement security-sensitive programs outside the domain of the GPOS, i.e., in a Trusted Execution Environment (TEE). Arm TrustZone is the de facto technology for implementing TEEs on Arm devices. However, over the last decade, TEEs have been successfully attacked hundreds of times. Unfortunately, these attacks have been possible due to the presence of several architectural and implementation flaws in TrustZone-based TEEs. In this paper, we propose Bao-Enclave, a virtualization-based solution that enables OEMs to remove security functionality from the TEE and move it into normal world isolated environments, protected from potentially malicious OSes, in the form of lightweight virtual machines (VMs). We evaluate Bao-Enclave on real hardware platforms and find that Bao-Enclave may improve the performance of security-sensitive workloads by up to 4.8x, while significantly simplifying the TEE software TCB.
Self-secured devices: high performance and secure I/O access in TrustZone-based systems
Arm TrustZone is a hardware technology that adds significant value to the ongoing security picture. TrustZone-based systems typically consolidate multiple environments onto the same platform, requiring resources to be shared among them. Currently, hardware devices on TrustZone-enabled system-on-chip (SoC) solutions can only be configured as secure or non-secure, which means the dual-world concept of TrustZone does not extend to the inner logic of the devices. The traditional passthrough model dictates that both worlds cannot use the same device concurrently. Furthermore, existing shared device access methods have been shown to have a negative impact on the overall system in terms of security and performance.
This work introduces the concept of self-secured devices, a novel approach to shared device access in TrustZone-based architectures. This concept extends the TrustZone dual-world model to the device itself, providing a secure and a non-secure logical interface in a single device instance. The solution was deployed and evaluated on LTZVisor, an open-source and lightweight TrustZone-assisted hypervisor. The obtained results are encouraging, demonstrating that our solution requires only a few additional hardware resources when compared with the native device implementation, while providing a secure solution for device sharing.
This work has been supported by FCT - Fundação para a Ciência e a Tecnologia, Portugal within the R&D Units Project Scope: UIDB/00319/2020.
The Genome of Anopheles darlingi, the main neotropical malaria vector
Anopheles darlingi is the principal neotropical malaria vector, responsible for more than a million cases of malaria per year on the American continent. Anopheles darlingi diverged from the African and Asian malaria vectors ∼100 million years ago (mya) and successfully adapted to the New World environment. Here we present an annotated reference A. darlingi genome, sequenced from a wild population of males and females collected in the Brazilian Amazon. A total of 10 481 predicted protein-coding genes were annotated, 72% of which have their closest counterpart in Anopheles gambiae and 21% of which have highest similarity with other mosquito species. In spite of a long period of divergent evolution, conserved gene synteny was observed between A. darlingi and A. gambiae. More than 10 million single nucleotide polymorphisms and short indels with potential use as genetic markers were identified. Transposable elements correspond to 2.3% of the A. darlingi genome. Genes associated with hematophagy, immunity and insecticide resistance, directly involved in vector-human and vector-parasite interactions, were identified and discussed. This study represents the first effort to sequence the genome of a neotropical malaria vector, and opens a new window through which we can contemplate the evolutionary history of anopheline mosquitoes. It also provides valuable information that may lead to novel strategies to reduce malaria transmission on the South American continent. The A. darlingi genome is accessible at www.labinfo.lncc.br/index.php/anopheles-darlingi. © 2013 The Author(s)
Security assurance of an In-vehicle HMI Manager: specifying certifiable software for In-vehicle infotainment systems
Integrated master's dissertation in Industrial Electronics and Computer Engineering
Traditionally in the automotive industry, vehicle safety was the most crucial factor and the security of in-vehicle systems was only an afterthought. This resulted in networks that withstood several technical interferences, but were mostly unprotected against malicious attacks.
In the future, infotainment and other software systems in the vehicle will be composed of, and be connected to, several processing units inside the car, with some of them even requiring an Internet connection. Security then becomes at least as important as safety, even overlapping with it in some aspects. Two main problems arise from this interconnection: user data needs to be secure, and the system must be resilient to hacks that could allow remote control of the car.
For users to have confidence in the software systems inside the vehicle, an evaluation must be performed. The evaluation result should meet criteria that users or a regulatory body deem acceptable. In a security evaluation, a careful analysis of the implementation and design of a system is performed. The higher the scrutiny and detail of the evaluation, the higher the cost. It is thus important that evaluation activities correspond to the assets' value.
This dissertation aims at specifying a secure architecture for an HMI Manager. The HMI Manager's purpose is to manage several Human-Machine Interface (HMI) systems inside the vehicle to provide a better experience to the user. This work focuses on user data protection and on generating documentation that would contribute to the system's certification. Best practices are followed to help create a secure system that satisfies the system requirements, through the use of tried and tested techniques.
Traditionally, in the automotive industry, vehicle safety was the most important factor, and the security of the vehicle's internal systems was considered afterwards. This resulted in systems capable of withstanding several technical interferences, but mostly unprotected against attacks.
In the future, infotainment and other systems will be composed of, and connected to, several processing units inside the car, some of which may even require an Internet connection. In these cases, cyber-security becomes at least as important as the physical safety of the vehicle, even overlapping with it in some aspects. Two main problems arise from this connectivity: user data needs to be protected, and the system must be resistant to attacks that could, in extreme cases, allow remote control of the car.
For users to have confidence in the software systems inside the vehicle, an evaluation of those systems must be carried out. The evaluation result must meet criteria that users, or a regulatory body, deem acceptable. A security evaluation consists of a careful analysis of a system's architecture and of its implementation. However, the greater the scrutiny and the more details evaluated, the higher the cost of that evaluation. It is therefore important that evaluation activities correspond to the value of what users want to protect.
This dissertation aims to specify a security architecture for the HMI Manager, a system that coordinates HMI systems inside a vehicle, with a focus on the protection of user data and on generating documentation that contributes to the system's certification. To that end, recommended practices for the design of secure systems will be followed.
European Structural and Investment Funds in the FEDER component, through the Operational Competitiveness and Internationalization Programme (COMPETE 2020) Project no 002797; Funding Reference: POCI-01-0247-FEDER-00279