Abstract

To protect software systems from attacks, ARM introduced a hardware security extension known as TrustZone. TrustZone provides an isolated execution environment, which can be used to deploy various memory integrity and malware detection tools. However, a new type of rootkit, namely CacheKit, can exploit cache incoherency and cache locking mechanisms in TrustZone to hide itself from such inspections. Therefore, it is imperative to design a new approach to ensure the correct use of cache locking and prevent malicious code from being hidden in the cache. In this paper, we present CacheLight, which leverages the TrustZone and Virtualization extensions of the ARM architecture to allow the system to continue to securely provide these hardware facilities to users while preventing attackers from exploiting them. CacheLight restricts the ability to lock the cache to the Secure World of the processor such that the Normal World can still request certain memory to be locked into the cache by the secure operating system (OS) through a Secure Monitor Call (SMC). This grants the secure OS the power to verify and validate the information that will be locked in the requested cache way thereby ensuring that any data that remains in the cache will not be inconsistent with what exists in main memory for inspection. Malicious attempts to hide data can be prevented and recovered for analysis while legitimate requests can still generate valid entries in the cache.

Original languageEnglish (US)
Title of host publicationASHES 2018 - Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, co-located with CCS 2018
PublisherAssociation for Computing Machinery
Pages65-74
Number of pages10
ISBN (Electronic)9781450359962
DOIs
StatePublished - Oct 15 2018
Event2nd Workshop on Attacks and Solutions in Hardware Security, ASHES 2018, in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada
Duration: Oct 19 2018 → …

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other2nd Workshop on Attacks and Solutions in Hardware Security, ASHES 2018, in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018
CountryCanada
CityToronto
Period10/19/18 → …

    Fingerprint

Keywords

  • Cache Locking
  • Embedded Systems Security
  • Hardware Assisted Security
  • Rootkit Defense
  • TrustZone

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Gutierrez, M., Zhao, Z., Doupe, A., Shoshitaishvili, Y., & Ahn, G-J. (2018). CacheLight: Defeating the cachekit attack. In ASHES 2018 - Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, co-located with CCS 2018 (pp. 65-74). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3266444.3266449