Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC-Reference-Cited by-同舟云学术

Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC

Published:2021-09-15 Issue: Volume: Page:
ISSN:2190-8508
Container-title:Journal of Cryptographic Engineering
language:en
Short-container-title:J Cryptogr Eng

Author:

Gross Mathieu^ORCID,Jacob Nisha,Zankl Andreas,Sigl Georg

Abstract

AbstractFPGA-SoCs are heterogeneous embedded computing platforms consisting of reconfigurable hardware and high-performance processing units. This combination offers flexibility and good performance for the design of embedded systems. However, allowing the sharing of resources between an FPGA and an embedded CPU enables possible attacks from one system on the other. This work demonstrates that a malicious hardware block contained inside the reconfigurable logic can manipulate the memory and peripherals of the CPU. Previous works have already considered direct memory access attacks from malicious logic on platforms containing no memory isolation mechanism. In this work, such attacks are investigated on a modern platform which contains state-of-the-art memory and peripherals isolation mechanisms. We demonstrate two attacks capable of compromising a Trusted Execution Environment based on ARM TrustZone and show a new attack capable of bypassing the secure boot configuration set by a device owner via the manipulation of Battery-Backed RAM and eFuses from malicious logic.

Funder

Bayerische Forschungsstiftung

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Software

Link

https://link.springer.com/content/pdf/10.1007/s13389-021-00273-8.pdf

Reference29 articles.

1. ARM: ARM Cortex-A53 MPCore Processor Technical Reference Manual. Revision r0p2. (2014)

2. ARM: ARM Security Technology - Build a Secure System using TrustZone Technology. Issue D.c. (2016)

3. Aumaitre, D., Devine C.: Subverting windows 7 x64 kernel with dma attacks. In: HITBSecConf Amsterdam (2010)

4. Becher. M., Dornseif, M., Klein, C.: Firewire: all your memory are belong to us. (2005) https://cansecwest.com/core05/2005-firewire-cansecwest.pdf

5. Chaudhuri, S.: A security vulnerability analysis of socfpga architectures. In: Proceedings of the 55th Annual Design Automation Conference, ACM, New York, NY, USA, DAC ’18, pp 139:1–139:6, https://doi.org/10.1145/3195970.3195979 (2018)

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. When objects betray you: the Internet of Things and the privilege against self-incrimination;Information & Communications Technology Law;2024-05-28

2. Efficient Adaptive Multi-Level Privilege Partitioning With RTrustSoC;IEEE Transactions on Circuits and Systems I: Regular Papers;2024

3. TrustSoC: Light and Efficient Heterogeneous SoC Architecture, Secure-by-design;2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST);2023-12-13

4. A gem5 based Platform for Micro-Architectural Security Analysis;Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy;2023-10-29

5. Secured-by-design systems-on-chip: a MBSE Approach;Proceedings of the 34th International Workshop on Rapid System Prototyping;2023-09-21