Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone

Haehyun Cho; Penghui Zhang; Donguk Kim; Jinbum Park; Choong Hoon Lee; Ziming Zhao; Adam Doupé; Gail Joon Ahn

doi:10.1145/3274694.3274704

Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone

Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong Hoon Lee, Ziming Zhao, Adam Doupé, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

23 Scopus citations

Abstract

The security of ARM TrustZone relies on the idea of splitting system-on-chip hardware and software into two worlds, namely normal world and secure world. In this paper, we report cross-world covert channels, which exploit the world-shared cache in the TrustZone architecture. We design a Prime+Count technique that only cares about how many cache sets or lines have been occupied. The coarser-grained approach significantly reduces the noise introduced by the pseudo-random replacement policy and world switching. Using our Prime+Count technique, we build covert channels in single-core and cross-core scenarios in the TrustZone architecture. Our results demonstrate that Prime+Count is an effective technique for enabling cross-world covert channels on ARM TrustZone.

Original language	English (US)
Title of host publication	Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018
Publisher	Association for Computing Machinery
Pages	441-452
Number of pages	12
ISBN (Electronic)	1595930361, 9781450364430
DOIs	https://doi.org/10.1145/3274694.3274704
State	Published - Jan 22 2018
Event	34th Annual Computer Security Applications Conference, ACSAC 2018 - San Juan, United States Duration: Dec 3 2018 → Dec 7 2018

Publication series

Name	ACM International Conference Proceeding Series
Volume	2018-January

Conference

Conference	34th Annual Computer Security Applications Conference, ACSAC 2018
Country/Territory	United States
City	San Juan
Period	12/3/18 → 12/7/18

Keywords

ARM TrustZone
Cache side-channel
Covert channels

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Vision and Pattern Recognition
Computer Networks and Communications

Access to Document

10.1145/3274694.3274704

Cite this

Cho, H., Zhang, P., Kim, D., Park, J., Lee, C. H., Zhao, Z., Doupé, A., & Ahn, G. J. (2018). Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone. In Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018 (pp. 441-452). (ACM International Conference Proceeding Series; Vol. 2018-January). Association for Computing Machinery. https://doi.org/10.1145/3274694.3274704

Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone. / Cho, Haehyun; Zhang, Penghui; Kim, Donguk et al.
Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018. Association for Computing Machinery, 2018. p. 441-452 (ACM International Conference Proceeding Series; Vol. 2018-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Cho, H, Zhang, P, Kim, D, Park, J, Lee, CH, Zhao, Z, Doupé, A & Ahn, GJ 2018, Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone. in Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018. ACM International Conference Proceeding Series, vol. 2018-January, Association for Computing Machinery, pp. 441-452, 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, United States, 12/3/18. https://doi.org/10.1145/3274694.3274704

Cho H, Zhang P, Kim D, Park J, Lee CH, Zhao Z et al. Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone. In Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018. Association for Computing Machinery. 2018. p. 441-452. (ACM International Conference Proceeding Series). doi: 10.1145/3274694.3274704

@inproceedings{b63f69fd101d43d698435510047b4406,

title = "Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone",

abstract = "The security of ARM TrustZone relies on the idea of splitting system-on-chip hardware and software into two worlds, namely normal world and secure world. In this paper, we report cross-world covert channels, which exploit the world-shared cache in the TrustZone architecture. We design a Prime+Count technique that only cares about how many cache sets or lines have been occupied. The coarser-grained approach significantly reduces the noise introduced by the pseudo-random replacement policy and world switching. Using our Prime+Count technique, we build covert channels in single-core and cross-core scenarios in the TrustZone architecture. Our results demonstrate that Prime+Count is an effective technique for enabling cross-world covert channels on ARM TrustZone.",

keywords = "ARM TrustZone, Cache side-channel, Covert channels",

author = "Haehyun Cho and Penghui Zhang and Donguk Kim and Jinbum Park and Lee, {Choong Hoon} and Ziming Zhao and Adam Doup{\'e} and Ahn, {Gail Joon}",

note = "Funding Information: This material is based upon work supported in part by Sam-sung Research, Samsung Electronics, the Center for Cybersecurity and Digital Forensics at Arizona State University, the National Science Foundation (NSF 1651661), the Defense Advanced Research Projects Agency (DARPA HR001118C0060), and the Global Research Laboratory Program through the National Research Foundation of Korea funded by the Ministry of Science and ICT under Grant NRF-2014K1A1A2043029. Publisher Copyright: {\textcopyright} 2018 ACM.; 34th Annual Computer Security Applications Conference, ACSAC 2018 ; Conference date: 03-12-2018 Through 07-12-2018",

year = "2018",

month = jan,

day = "22",

doi = "10.1145/3274694.3274704",

language = "English (US)",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "441--452",

booktitle = "Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018",

}

TY - GEN

T1 - Prime+Count

T2 - 34th Annual Computer Security Applications Conference, ACSAC 2018

AU - Cho, Haehyun

AU - Zhang, Penghui

AU - Kim, Donguk

AU - Park, Jinbum

AU - Lee, Choong Hoon

AU - Zhao, Ziming

AU - Doupé, Adam

AU - Ahn, Gail Joon

N1 - Funding Information: This material is based upon work supported in part by Sam-sung Research, Samsung Electronics, the Center for Cybersecurity and Digital Forensics at Arizona State University, the National Science Foundation (NSF 1651661), the Defense Advanced Research Projects Agency (DARPA HR001118C0060), and the Global Research Laboratory Program through the National Research Foundation of Korea funded by the Ministry of Science and ICT under Grant NRF-2014K1A1A2043029. Publisher Copyright: © 2018 ACM.

PY - 2018/1/22

Y1 - 2018/1/22

N2 - The security of ARM TrustZone relies on the idea of splitting system-on-chip hardware and software into two worlds, namely normal world and secure world. In this paper, we report cross-world covert channels, which exploit the world-shared cache in the TrustZone architecture. We design a Prime+Count technique that only cares about how many cache sets or lines have been occupied. The coarser-grained approach significantly reduces the noise introduced by the pseudo-random replacement policy and world switching. Using our Prime+Count technique, we build covert channels in single-core and cross-core scenarios in the TrustZone architecture. Our results demonstrate that Prime+Count is an effective technique for enabling cross-world covert channels on ARM TrustZone.

AB - The security of ARM TrustZone relies on the idea of splitting system-on-chip hardware and software into two worlds, namely normal world and secure world. In this paper, we report cross-world covert channels, which exploit the world-shared cache in the TrustZone architecture. We design a Prime+Count technique that only cares about how many cache sets or lines have been occupied. The coarser-grained approach significantly reduces the noise introduced by the pseudo-random replacement policy and world switching. Using our Prime+Count technique, we build covert channels in single-core and cross-core scenarios in the TrustZone architecture. Our results demonstrate that Prime+Count is an effective technique for enabling cross-world covert channels on ARM TrustZone.

KW - ARM TrustZone

KW - Cache side-channel

KW - Covert channels

UR - http://www.scopus.com/inward/record.url?scp=85133868067&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85133868067&partnerID=8YFLogxK

U2 - 10.1145/3274694.3274704

DO - 10.1145/3274694.3274704

M3 - Conference contribution

AN - SCOPUS:85133868067

T3 - ACM International Conference Proceeding Series

SP - 441

EP - 452

BT - Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018

PB - Association for Computing Machinery

Y2 - 3 December 2018 through 7 December 2018

ER -

Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this