Utilize este identificador para referenciar este registo:
https://hdl.handle.net/1822/81560
Título: | ReZone: disarming TrustZone with TEE privilege reduction |
Autor(es): | Cerdeira, David Martins Martins, José Carvalho Santos, Nuno Pinto, Sandro |
Data: | 2022 |
Editora: | USENIX Association |
Resumo(s): | In TrustZone-assisted TEEs, the trusted OS has unrestricted access to both secure and normal world memory. Unfortunately, this architectural limitation has opened an aisle of exploration for attackers, which have demonstrated how to leverage a chain of exploits to hijack the trusted OS and gain full control of the system, targeting (i) the rich execution environment (REE), (ii) all trusted applications (TAs), and (iii) the secure monitor. In this paper, we propose REZONE. The main novelty behind REZONE design relies on leveraging TrustZone-agnostic hardware primitives available on commercially off-the-shelf (COTS) platforms to restrict the privileges of the trusted OS. With REZONE, a monolithic TEE is restructured and partitioned into multiple sandboxed domains named zones, which have only access to private resources. We have fully implemented REZONE for the i.MX 8MQuad EVK and integrated it with Android OS and OP-TEE. We extensively evaluated REZONE using microbenchmarks and real-world applications. REZONE can sustain popular applications like DRM-protected video encoding with acceptable performance overheads. We have surveyed 80 CVE vulnerability reports and estimate that REZONE could mitigate 86.84% of them. |
Tipo: | Artigo em ata de conferência |
URI: | https://hdl.handle.net/1822/81560 |
ISBN: | 978-1-939133-31-1 |
Arbitragem científica: | yes |
Acesso: | Acesso aberto |
Aparece nas coleções: |
Ficheiros deste registo:
Ficheiro | Descrição | Tamanho | Formato | |
---|---|---|---|---|
sec22fall_cerdeira.pdf | 782,66 kB | Adobe PDF | Ver/Abrir |