research-article

SAFES: Sand-boxed Architecture for Frequent Environment Self-measurement

Authors:

Toshiki Kobayashi,

Takayuki Sasaki,

Daniele E. Asoni,

Adrian PerrigAuthors Info & Claims

SysTEX '18: Proceedings of the 3rd Workshop on System Software for Trusted Execution

Pages 37 - 41

https://doi.org/10.1145/3268935.3268939

Published: 15 January 2018 Publication History

Abstract

Monitoring software of low-end devices is a key part of defense in depth for IoT systems. These devices are particularly susceptible to memory corruption vulnerabilities because the limited computational resources restrict the types of countermeasures that can be implemented. Run-time monitoring therefore is fundamental for the security of these devices. We propose a monitoring architecture for untrusted software at the I/O event granularity for TrustZone-enabled devices. The architecture enables us to measure the integrity of the code immediately before its execution is triggered by any input. To verify the integrity in a lightweight manner, we statically determine the minimal code region that needs to be measured based on the I/O operation. We develop a prototype of the architecture using TrustZone-M and demonstrate that our prototype has a low processing overhead and small ROM memory footprint.

References

[1]

Tigist Abera, N. Asokan, Lucas Davi, Jan-Erik Ekberg, Thomas Nyman, Andrew Paverd, Ahmad-Reza Sadeghi, and Gene Tsudik. 2016. C-FLAT: Control-Flow Attestation for Embedded Systems Software. In ACM CCS.

Digital Library

[2]

Sergey Bratus, Nihal D'Cunha, Evan Sparks, and Sean W Smith. 2008. TOCTOU, traps, and trusted computing. In International Conference on Trusted Computing and Trust in Information Technologies.

Digital Library

[3]

Xavier Carpent, Norrathep Rattanavipanon, and Gene Tsudik. 2017. ERASMUS: Efficient Remote Attestation via Self-Measurement for Unattended Settings. IEEE/ACM Design, Automation, and Test in Europe (DATE).

[4]

Shuo Chen, Jun Xu, Emre Can Sezer, Prachi Gauriar, and Ravishankar K Iyer. 2005. Non-Control-Data Attacks Are Realistic Threats. In USENIX Security Symposium.

Digital Library

[5]

Thurston H.Y. Dang, Petros Maniatis, and David Wagner. 2015. The performance cost of shadow stacks and stack canaries. In ASIA CCS.

Digital Library

[6]

Karim El Defrawy, Aurelién Francillon, Daniele Perito, and Gene Tsudik. 2012. SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust. In NDSS.

[7]

Ghada Dessouky, Shaza Zeitouni, Thomas Nyman, Andrew Paverd, Lucas Davi, Patrick Koeberl, N. Asokan, and Ahmad-Reza Sadeghi. 2017. LO-FAT: Low-Overhead Control Flow ATtestation in Hardware. In DAC.

Digital Library

[8]

Trusted Computing Group. 2011. TPM Main Specification Level 2 Version 1.2, Revision 116. https://trustedcomputinggroup.org/resource/tpm-main-specification, Last accessed: 21 August 2018.

[9]

Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, Prateek Saxena, and Zhenkai Liang. 2016. Data-oriented programming: On the expressiveness of non-control data attacks. In IEEE Symposium on Security and Privacy.

[10]

Intel. 2014. Intel Software Guard Extensions Programming Reference. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf, Last accessed: 21 August 2018.

[11]

Per Larsen, Andrei Homescu, Stefan Brunthaler, and Michael Franz. 2014. SoK: Automated software diversity. In IEEE Symposium on Security and Privacy.

Digital Library

[12]

Amit Levy, Bradford Campbell, Branden Ghena, Daniel B Giffin, Pat Pannuto, Prabal Dutta, and Philip Levis. 2017. Multiprogramming a 64kB Computer Safely and Efficiently. In ACM SOSP.

Digital Library

[13]

ARM Ltd. 2016. ARMv8-M Architecture Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0553a.b, Last accessed: 21 August 2018.

[14]

Thomas Nyman, Jan-Erik Ekberg, Lucas Davi, and N Asokan. 2017. CFI CaRE: Hardware-Supported Call and Return Enforcement for Commercial Microcontrollers. In RAID.

[15]

Arvind Seshadri, Mark Luk, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla. 2006. SCUBA: Secure code update by attestation in sensor networks. In ACM workshop on Wireless security.

Digital Library

[16]

Hovav Shacham. 2007. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In ACM CCS.

Digital Library

[17]

Rodrigo Vieira Steiner and Emil Lupu. 2016. Attestation in wireless sensor networks: A survey. ACM Computing Surveys (CSUR), Vol. 49, 3 (2016), 51.

Digital Library

[18]

Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song. 2013. SoK: Eternal War in Memory. In IEEE Symposium on Security and Privacy.

Digital Library

[19]

John Viega and Hugh Thompson. 2012. The state of embedded-device security (spoiler alert: It's bad). IEEE Security & Privacy, Vol. 10, 5 (2012), 68--70.

Digital Library

[20]

Paul Williamson. 2017. It's Here: A Common Industry Framework for Protecting a Trillion Connected Devices. https://www.arm.com/company/news/2017/10/a-common-industry-framework.

Cited By

Moreau LConchon ESauveron D(2023)An Adaptive Simultaneous Multi-Protocol Extension of CRAFTSensors10.3390/s2308407423:8(4074)Online publication date: 18-Apr-2023
https://doi.org/10.3390/s23084074
Khurshid AYalew SAslam MRaza S(2023)ShieLD: Shielding Cross-Zone Communication Within Limited-Resourced IoT Devices Running Vulnerable Software StackIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.314726220:2(1031-1047)Online publication date: 1-Mar-2023
https://doi.org/10.1109/TDSC.2022.3147262
Moreau LConchon ESauveron D(2021)CRAFT: A Continuous Remote Attestation Framework for IoTIEEE Access10.1109/ACCESS.2021.30676979(46430-46447)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3067697
Show More Cited By

Recommendations

Light-SPD: a platform to prototype secure mobile applications
PAMCO '16: Proceedings of the 1st ACM Workshop on Privacy-Aware Mobile Computing

Securely storing sensitive personal data is critical for protecting privacy. Currently, many persons use smartphones to store their private data. However, smartphones suffer from many security issues. To overcome this situation, the PCAS project is ...
Using ARM trustzone to build a trusted language runtime for mobile applications
ASPLOS '14

This paper presents the design, implementation, and evaluation of the Trusted Language Runtime (TLR), a system that protects the confidentiality and integrity of .NET mobile applications from OS security breaches. TLR enables separating an application's ...
Securing a communication channel for the trusted execution environment
Abstract
As a security extension to processor, ARM TrustZone has been widely adopted for various mobile and IoT devices. The protection is conducted by separating the system into two domains: the rich execution environment (REE) and the trusted ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SysTEX '18: Proceedings of the 3rd Workshop on System Software for Trusted Execution

October 2018

59 pages

ISBN:9781450359986

DOI:10.1145/3268935

General Chairs:
Baris Kasikci
University of Michigan, USA
,
Mark Silberstein
Technion, Israel

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 January 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '18

Sponsor:

SIGSAC

CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security

October 15, 2018

Toronto, Canada

Upcoming Conference

EuroSys '25

Sponsor:
sigops

Twentieth European Conference on Computer Systems

March 30 - April 3, 2025

Rotterdam , Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
207
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)1

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Moreau LConchon ESauveron D(2023)An Adaptive Simultaneous Multi-Protocol Extension of CRAFTSensors10.3390/s2308407423:8(4074)Online publication date: 18-Apr-2023
https://doi.org/10.3390/s23084074
Khurshid AYalew SAslam MRaza S(2023)ShieLD: Shielding Cross-Zone Communication Within Limited-Resourced IoT Devices Running Vulnerable Software StackIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.314726220:2(1031-1047)Online publication date: 1-Mar-2023
https://doi.org/10.1109/TDSC.2022.3147262
Moreau LConchon ESauveron D(2021)CRAFT: A Continuous Remote Attestation Framework for IoTIEEE Access10.1109/ACCESS.2021.30676979(46430-46447)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3067697
Sasaki TTomita KHayaki YLiew SYamagaki N(2020)Secure IoT Device Architecture Using TrustZone2020 IEEE International Conference on Sensing, Communication and Networking (SECON Workshops)10.1109/SECONWorkshops50264.2020.9149772(1-6)Online publication date: Jun-2020
https://doi.org/10.1109/SECONWorkshops50264.2020.9149772
Zheng WWu YWu XFeng CSui YLuo XZhou Y(2020)A survey of Intel SGX and its applicationsFrontiers of Computer Science10.1007/s11704-019-9096-y15:3Online publication date: 31-Dec-2020
https://doi.org/10.1007/s11704-019-9096-y

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents