CSIS logoCenter for Secure Information Systems

Securing the World's Cyber Infrastructure

Aerial View of the George Mason Fairfax Campus

CSIS Seminar

Cache-based Attacks against ARM TrustZone

Speaker:   Kun Sun, George Mason University
When:   April 17, 2023, 11:00 am - 12:00 pm
Where:   ENGR 4201


ARM processors provide a hardware security extension called TrustZone to protect security sensitive code and data running in a trusted execution environment. Our research points out that it is critical to protect the CPU caches when developing TrustZone-based security systems. First, we observe an ARM TrustZone cache incoherence behavior, which results in the cache contents of the two worlds, secure world and normal world, potentially being different even when they are mapped to the same physical address. Based on this observation, we develop a new cache-based rootkit called CacheKit that hides in the cache of the normal world and is able to evade memory introspection from the secure world. Second, researchers propose to create Isolated Execution Environments (IEEs) in the normal world to protect the security sensitive applications. However, we discover three cache-based attacks called CITM that can be leveraged to manipulate the sensitive data protected in IEE systems. Specifically, due to the inefficient and incoherent security measures on the cache that maps to the IEE memory, attackers in the normal world may compromise the security of IEE data by manipulating the IEE memory during concurrent execution, bypassing the security measures enforced when a security sensitive application is suspended or finished, or misusing the incomplete security measures during IEE’s context switching processes.

Speaker Bio

Dr. Kun Sun is a professor in the Department of Information Sciences and Technology at George Mason University. He is also the director of Sun Security Laboratory and the associate director of the Center for Secure Information Systems. He received his Ph.D. in Computer Science from North Carolina State University. Before joining GMU, he was an assistant professor in College of William and Mary. He has more than 15 years working experience in both academia and industry; his research work has been funded by government agencies including the NSF, DOD, NSA, DHS, and NIST. His research focuses on systems and network security. He has publishing over 130 conference and journal papers, and two papers won the Best Paper Award. His current research focuses on trustworthy computing environment, software security, moving target defense, network security, smart phone security, cloud security, and AI/ML security.