TY - GEN
T1 - CacheLight
T2 - 2nd Workshop on Attacks and Solutions in Hardware Security, ASHES 2018, in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018
AU - Gutierrez, Mauricio
AU - Zhao, Ziming
AU - Doupe, Adam
AU - Shoshitaishvili, Yan
AU - Ahn, Gail-Joon
PY - 2018/10/15
Y1 - 2018/10/15
N2 - To protect software systems from attacks, ARM introduced a hardware security extension known as TrustZone. TrustZone provides an isolated execution environment, which can be used to deploy various memory integrity and malware detection tools. However, a new type of rootkit, namely CacheKit, can exploit cache incoherency and cache locking mechanisms in TrustZone to hide itself from such inspections. Therefore, it is imperative to design a new approach to ensure the correct use of cache locking and prevent malicious code from being hidden in the cache. In this paper, we present CacheLight, which leverages the TrustZone and Virtualization extensions of the ARM architecture to allow the system to continue to securely provide these hardware facilities to users while preventing attackers from exploiting them. CacheLight restricts the ability to lock the cache to the Secure World of the processor such that the Normal World can still request certain memory to be locked into the cache by the secure operating system (OS) through a Secure Monitor Call (SMC). This grants the secure OS the power to verify and validate the information that will be locked in the requested cache way thereby ensuring that any data that remains in the cache will not be inconsistent with what exists in main memory for inspection. Malicious attempts to hide data can be prevented and recovered for analysis while legitimate requests can still generate valid entries in the cache.
AB - To protect software systems from attacks, ARM introduced a hardware security extension known as TrustZone. TrustZone provides an isolated execution environment, which can be used to deploy various memory integrity and malware detection tools. However, a new type of rootkit, namely CacheKit, can exploit cache incoherency and cache locking mechanisms in TrustZone to hide itself from such inspections. Therefore, it is imperative to design a new approach to ensure the correct use of cache locking and prevent malicious code from being hidden in the cache. In this paper, we present CacheLight, which leverages the TrustZone and Virtualization extensions of the ARM architecture to allow the system to continue to securely provide these hardware facilities to users while preventing attackers from exploiting them. CacheLight restricts the ability to lock the cache to the Secure World of the processor such that the Normal World can still request certain memory to be locked into the cache by the secure operating system (OS) through a Secure Monitor Call (SMC). This grants the secure OS the power to verify and validate the information that will be locked in the requested cache way thereby ensuring that any data that remains in the cache will not be inconsistent with what exists in main memory for inspection. Malicious attempts to hide data can be prevented and recovered for analysis while legitimate requests can still generate valid entries in the cache.
KW - Cache Locking
KW - Embedded Systems Security
KW - Hardware Assisted Security
KW - Rootkit Defense
KW - TrustZone
UR - http://www.scopus.com/inward/record.url?scp=85056722311&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85056722311&partnerID=8YFLogxK
U2 - 10.1145/3266444.3266449
DO - 10.1145/3266444.3266449
M3 - Conference contribution
AN - SCOPUS:85056722311
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 65
EP - 74
BT - ASHES 2018 - Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, co-located with CCS 2018
PB - Association for Computing Machinery
Y2 - 19 October 2018
ER -