We posit that the first-glance intuition that trusted hardware can protect data simply through isolation is wrong. To the contrary, careful management of the interaction between the trusted hardware execution environment and the outside world is critical to ensuring security.
In this dissertation, we first demonstrate that mismanaged interaction between the hardware-enabled execution environment and other non-secure entities leads to sensitive data leakage and illicit privilege escalation. We then detail how to detect such mismanagement through semi-automatic analysis. We present how introducing a judiciously-tailored interaction monitor can severely restrict security impacts of such mismanagement. Finally, we show how this can also enable
powerful new hardware-empowered secure communication paradigms.
-----------
Mobile devices increasingly access, process, and store confidential information and participate in authentication protocols, making them extremely attractive targets. Sophisticated adversaries often gain direct access to user data by exploiting OS vulnerabilities. To mitigate the impact of such attacks, secure areas known as Trusted Execution Environments (TEEs) have been designed inside processors that can protect secrets in the presence of compromised OSes.
TEEs protect code and data using hardware mechanisms that isolate them against access from vulnerable OSes and applications. On mobile devices, ARM TrustZone provides such a TEE in the form of a ``Secure World'', where security-sensitive code (``TAs'') executes outside the reach of
the potentially untrusted ``Normal World'' OS. In practice, protecting code running inside TEEs against Normal World software proves difficult due to the semantic gap between the two worlds and their increasing size and complexity. Further, under traditional TrustZone software designs, most applications cannot run as TAs and remain unprotected under the
Normal World OS.
WHO: Darius Suciu
https://www3.cs.stonybrook.edu/~dsuciu/
WHERE:
NCS 120 OR ZOOM LINK:
https://stonybrook.zoom.us/j/96735660506?pwd=dktzUWFVcDgxNFdETVZyVERHNUpHQT09
