SeCloak: ARM TrustZone-based Mobile Peripheral Control
Matthew Lentz, Rijurekha Sen, Peter Druschel, Bobby Bhattacharjee
Control Over Your Devices
Powerful sensing and communication capabilities, but they can be misused by malicious software!
Consider important scenarios:
- Journalists use airplane mode while meeting with a source
- Turn off the microphone to prevent snooping
[Figure: Sensing (Camera, Microphone, Location, Motion, Orientation, …) and Communication (NFC, Bluetooth, WiFi, Cellular, …)]
Users Have Limited Control
There are two fundamental issues:
- Incomplete settings, e.g., motion sensors on Android
- No assurance that settings are enforced: the platform has been shown to be hard to secure as a whole
Problem Statement
What is minimally required to give users secure control over their devices?
Without:
- affecting usability or stability
- changes to existing software
SeCloak - “Secure Cloak”
What is minimally required to give users secure control over their devices?
SeCloak provides secure “virtual” switches to users
[Figure: virtual on/off switches for Sensing (Camera, Microphone, Location, Motion, Orientation, …) and Communication (NFC, Bluetooth, WiFi, Cellular); SeCloak Enforcement sits beneath the Untrusted Apps & OS]
SeCloak Design
[Figure: the untrusted side holds the SeCloak Settings App, the trusted side holds the SeKernel; a Policy flows from the app to the SeKernel]
SeCloak Settings App (untrusted):
- Provides a UI similar to traditional settings menus
- Communicates policy settings to the SeKernel
SeKernel (trusted):
- Secure (re)display and user confirmation of the policy
- Configures HW protections to disable untrusted access
- Handles access faults to enforce the user policy
SeCloak on ARM TrustZone
[Figure: the Non-Secure (NS) World runs the Kernel (e.g., Linux) and the SeCloak Settings App (untrusted); the Secure (S) World runs the SeKernel (trusted); the Policy crosses worlds via SMC]
ARM TrustZone supports two “worlds”:
- Isolates the SeKernel from the untrusted kernel and apps
- Allows the SeKernel to configure hardware protections
Hardware Protections
[Figure: the Kernel (e.g., Linux, untrusted) reaches devices through MMIO and IRQ; the SeKernel (trusted, entered via SMC) owns the IRQ Controller and the System Bus Firewall that sit in front of the devices]
1. IRQ Controller: set the IRQ owner to Kernel or SeKernel
2. System Bus Firewall: configure it to deny accesses made by the Kernel; it reports access faults to the SeKernel
How do we securely identify these protection domains for devices?
Device Tree (DT)
[Figure: DT for an SoC: soc → aips2 (Bus) → uart3 (Peripheral, MMIO = <Addr, Size>, IRQ = <28>) → bt; soc → intc (Interrupt Controller, MMIO = <Addr, Size>)]
- The Device Tree specifies the embedded hardware
- Each node represents a device
- Nodes contain configuration properties
DT with SeCloak Properties
[Figure: the same DT; uart3 now carries Security = <70> next to its MMIO = <Addr, Size> and IRQ = <28> properties, and the bt node carries Class = “Bluetooth”]
- Added Security and Class properties
  - Security corresponds to the HW firewall configuration
  - Class associates a known setting name with a device
- The SeKernel verifies and parses a signed DT
Application Functionality
[Figure: screenshot of the SeCloak Settings App]
Example: Disabling Bluetooth
[Figure: the SeCloak Settings App shows “Bluetooth Disabled”; the Kernel (e.g., Linux) forwards CLOAK_SET([010…0]) to the SeKernel over SMC]
Policy could be modified by malicious software!
SeKernel: Confirming Policy
[Figure: the SeKernel receives CLOAK_SET([010…0])]
1. Acquire the display and input devices
2. Turn on the LED to notify the user that the SeKernel is active
3. (Re)Display the settings to the user
4. Wait for user confirmation on whether to apply the settings…
SeKernel: Applying Policy
[Figure: DT walk for CLOAK_SET([010…0]): soc → aips2 (Bus) → uart3 (Peripheral, MMIO = <Addr, Size>, IRQ = <28>, Security = <70>) → bt (Class = “Bluetooth”); soc → aips2 → i2c3 (Security = <25>) → ft5x06 (Class = “Touchscreen”); soc → intc (Interrupt Controller)]
For all devices in the subtree:
- Secure and disable IRQs
- Configure firewall protections
- Set up the fault handler for MMIO accesses
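To make the policy walk concrete (the Class and Security properties from the DT with SeCloak Properties slide, and the per-device steps listed above), here is an added C example. It is not SeCloak or SeKernel source. It builds a small tree modelled on the deck's figure with placeholder MMIO addresses, uses a constructed order for the CLOAK_SET bits (bit 1 = Bluetooth, matching [010…0]), and assumes that a Class on a resource-less leaf such as `bt` designates the enclosing device (`uart3`) whose subtree is then protected. Instead of touching hardware it records the three per-device steps as a plan.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A device-tree node carrying the two SeCloak properties (Class, Security) next to
 * the usual peripheral resources (MMIO window, IRQ). -1 / size 0 mean "absent". */
typedef struct dt_node {
    const char *name;
    const char *cls;               /* "Class" property, NULL when the node has none */
    uint32_t mmio_base, mmio_size;
    int irq, security;             /* "Security" = firewall group the device sits in */
    struct dt_node *parent;
    struct dt_node *child[4];
    int nchild;
} dt_node_t;

/* Bit i of the CLOAK_SET mask turns off class CLASSES[i]. The order is constructed
 * for this example (bit 1 = Bluetooth, matching the deck's [010...0]). */
static const char *const CLASSES[] = { "Camera", "Bluetooth", "WiFi", "Touchscreen" };
#define NCLASSES (sizeof CLASSES / sizeof CLASSES[0])

/* The three protection steps the SeKernel performs per device, recorded as a plan. */
enum action { SECURE_IRQ, FIREWALL_DENY, MMIO_FAULT_HANDLER };
typedef struct { enum action act; const char *node; uint32_t a, b; } step_t;

static bool has_resources(const dt_node_t *n) {
    return n->mmio_size != 0 || n->irq >= 0 || n->security >= 0;
}

/* Secure the IRQ, deny the firewall group, install the MMIO fault handler; then recurse. */
static int protect_subtree(const dt_node_t *n, step_t *out, int cnt, int max) {
    if (n->irq >= 0 && cnt < max)
        out[cnt++] = (step_t){ SECURE_IRQ, n->name, (uint32_t)n->irq, 0 };
    if (n->security >= 0 && cnt < max)
        out[cnt++] = (step_t){ FIREWALL_DENY, n->name, (uint32_t)n->security, 0 };
    if (n->mmio_size != 0 && cnt < max)
        out[cnt++] = (step_t){ MMIO_FAULT_HANDLER, n->name, n->mmio_base, n->mmio_size };
    for (int i = 0; i < n->nchild; i++)
        cnt = protect_subtree(n->child[i], out, cnt, max);
    return cnt;
}

static bool class_disabled(const char *cls, uint32_t mask) {
    for (size_t i = 0; i < NCLASSES; i++)
        if (strcmp(cls, CLASSES[i]) == 0) return (mask >> i) & 1u;
    return false;   /* unknown class name: no user setting, never cloaked */
}

/* Walk the DT. For each Class node whose setting is off, protect the subtree of the
 * device that owns the resources: the node itself or, when the Class sits on a
 * resource-less leaf (bt under uart3), its nearest resource-bearing ancestor (assumption). */
static int apply_policy(const dt_node_t *n, uint32_t mask, step_t *out, int cnt, int max) {
    if (n->cls != NULL && class_disabled(n->cls, mask)) {
        const dt_node_t *dev = n;
        while (dev != NULL && !has_resources(dev)) dev = dev->parent;
        return dev ? protect_subtree(dev, out, cnt, max) : cnt;
    }
    for (int i = 0; i < n->nchild; i++)
        cnt = apply_policy(n->child[i], mask, out, cnt, max);
    return cnt;
}

/* ---- constructed sample tree modelled on the deck's figure; addresses are placeholders ---- */
static dt_node_t soc, aips2, intc, uart3, bt, i2c3, ft5x06;

static void link_child(dt_node_t *p, dt_node_t *c) { c->parent = p; p->child[p->nchild++] = c; }

static dt_node_t *build_sample_tree(void) {
    soc    = (dt_node_t){ .name = "soc",    .irq = -1, .security = -1 };
    aips2  = (dt_node_t){ .name = "aips2",  .irq = -1, .security = -1 };
    intc   = (dt_node_t){ .name = "intc",   .irq = -1, .security = -1, .mmio_base = 0x40100000u, .mmio_size = 0x1000 };
    uart3  = (dt_node_t){ .name = "uart3",  .irq = 28, .security = 70, .mmio_base = 0x40000000u, .mmio_size = 0x4000 };
    bt     = (dt_node_t){ .name = "bt",     .irq = -1, .security = -1, .cls = "Bluetooth" };
    i2c3   = (dt_node_t){ .name = "i2c3",   .irq = -1, .security = 25, .mmio_base = 0x40008000u, .mmio_size = 0x4000 };
    ft5x06 = (dt_node_t){ .name = "ft5x06", .irq = -1, .security = -1, .cls = "Touchscreen" };
    link_child(&soc, &aips2); link_child(&soc, &intc);
    link_child(&aips2, &uart3); link_child(&uart3, &bt);
    link_child(&aips2, &i2c3);  link_child(&i2c3, &ft5x06);
    return &soc;
}

/* Build the plan for a CLOAK_SET mask; returns the number of steps written to out. */
static int plan_for(uint32_t mask, step_t *out, int max) {
    return apply_policy(build_sample_tree(), mask, out, 0, max);
}

static int plan_size(uint32_t mask) { step_t p[32]; return plan_for(mask, p, 32); }

/* How many plan steps of a given kind carry value `a` (IRQ number, group, or MMIO base). */
static int count_steps(uint32_t mask, enum action act, uint32_t a) {
    step_t plan[32];
    int n = plan_for(mask, plan, 32), hits = 0;
    for (int i = 0; i < n; i++) if (plan[i].act == act && plan[i].a == a) hits++;
    return hits;
}

int main(void) {
    step_t plan[32];
    int n = plan_for(0x2u, plan, 32);   /* CLOAK_SET([010...0]): Bluetooth off */
    for (int i = 0; i < n; i++)
        printf("%-18s %-6s 0x%x\n", plan[i].act == SECURE_IRQ ? "secure IRQ" :
               plan[i].act == FIREWALL_DENY ? "firewall deny grp" : "MMIO fault handler",
               plan[i].node, plan[i].a);
    return 0;
}
```

With Bluetooth off, the plan secures IRQ 28, denies firewall group 70 and installs the fault handler for uart3's window; the touchscreen's group 25 is untouched, which is what lets the SeKernel keep using the touchscreen for confirmation. The real SeKernel would additionally check the signature on the DT before trusting any Class or Security value it reads.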
SeKernel: Fault Handling
[Figure: the Kernel (e.g., Linux) issues an MMIO access to the BT device; the System Bus Firewall raises an Access Fault that is delivered to the SeKernel]
What happens if the Kernel accesses a protected device?
1. Determine the instruction and data address
   (LDR|STR) Reg, [Address]
   - The instruction: from disassembling the faulting instruction
   - The data address: from the CPU fault information
2. Look up and enforce the policy for the address
   - Allow: issue the LDR/STR and optionally modify the value (needed where a security group covers a set of devices, or where a device is shared between the NS and S worlds)
   - Deny: discard the STR / return 0 for the LDR
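The two-step fault path above, as an added C example rather than SeKernel code: it decodes an A32 LDR/STR with immediate offset from the saved non-secure registers, cross-checks the computed address against the fault address reported by the CPU, looks the address up in a policy table, and either performs the access on the kernel's behalf or discards the store / returns 0 for the load, stepping the non-secure PC past the instruction in both cases. The register file, fault record, MMIO addresses and the "uart4 shares group 70 with uart3" arrangement are all constructed for the example; the real handler would read the fault address from the CPU's fault registers and issue allowed accesses to the actual device.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Saved non-secure register file r0..r15 as captured when the fault trapped to the SeKernel. */
typedef struct { uint32_t r[16]; } ns_regs_t;

/* What the CPU reports for the fault: the faulting instruction word and the data
 * address it touched (the field layout here is constructed for the example). */
typedef struct { uint32_t insn; uint32_t data_addr; } fault_info_t;

/* One device MMIO window: its firewall security group and whether the user's policy
 * cloaked it. `backing` stands in for the real device registers. */
typedef struct {
    const char *name;
    uint32_t base, size;
    unsigned group;
    bool cloaked;
    uint32_t *backing;
} mmio_region_t;

enum verdict { ALLOW, DENY, UNKNOWN };

typedef struct { bool valid, is_load; unsigned rn, rt; uint32_t addr; } ldst_t;

/* Step 1: disassemble an A32 LDR/STR with immediate offset (word, no writeback) and
 * recompute the data address from the saved base register. */
static ldst_t decode_ldst(uint32_t insn, const ns_regs_t *regs) {
    ldst_t d = {0};
    if (((insn >> 25) & 0x7u) != 0x2u) return d;     /* bits[27:25] = 010: single data transfer, imm12 */
    bool p = insn & (1u << 24), u = insn & (1u << 23);
    bool b = insn & (1u << 22), w = insn & (1u << 21);
    if (!p || b || w) return d;                      /* post-indexed, byte or writeback forms: not handled */
    d.is_load = insn & (1u << 20);
    d.rn = (insn >> 16) & 0xFu;
    d.rt = (insn >> 12) & 0xFu;
    uint32_t imm = insn & 0xFFFu;
    d.addr = u ? regs->r[d.rn] + imm : regs->r[d.rn] - imm;
    d.valid = true;
    return d;
}

static mmio_region_t *find_region(mmio_region_t *tab, size_t n, uint32_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= tab[i].base && addr - tab[i].base < tab[i].size) return &tab[i];
    return NULL;
}

/* Step 2: look up the policy for the address and enforce it. Allowed accesses are
 * issued on the kernel's behalf; denied stores are discarded and denied loads return 0.
 * In both cases the non-secure PC is stepped past the emulated instruction. */
static enum verdict handle_access_fault(const fault_info_t *f, ns_regs_t *regs,
                                        mmio_region_t *tab, size_t n) {
    ldst_t d = decode_ldst(f->insn, regs);
    if (!d.valid || d.addr != f->data_addr) return UNKNOWN;  /* cannot decode or addresses disagree: do not emulate */
    mmio_region_t *r = find_region(tab, n, d.addr);
    enum verdict v = (r != NULL && !r->cloaked) ? ALLOW : DENY; /* unknown address inside a protected group: deny */
    if (v == ALLOW) {
        uint32_t *slot = &r->backing[(d.addr - r->base) / 4];
        if (d.is_load) regs->r[d.rt] = *slot; else *slot = regs->r[d.rt];
    } else if (d.is_load) {
        regs->r[d.rt] = 0;
    }
    regs->r[15] += 4;
    return v;
}

/* ---- constructed scenario: two devices share firewall group 70, only one is cloaked ---- */
typedef struct { enum verdict v; uint32_t rt, mem, pc; } case_result_t;

/* Run one faulting instruction with r1 = rn_value and r2 = rt_value (constructed register
 * assignments); report the verdict, the final Rt, the backing word at the address and the PC. */
static case_result_t run_case(uint32_t insn, uint32_t rn_value, uint32_t rt_value) {
    static uint32_t uart3_regs[4], uart4_regs[4];
    memset(uart3_regs, 0, sizeof uart3_regs); memset(uart4_regs, 0, sizeof uart4_regs);
    uart3_regs[0] = 0xBEEFu; uart4_regs[0] = 0x1234u;          /* constructed register contents */
    mmio_region_t tab[] = {
        { "uart3 (Class Bluetooth, cloaked)", 0x40000000u, 0x4000, 70, true,  uart3_regs },
        { "uart4 (same group, not cloaked)",  0x40004000u, 0x4000, 70, false, uart4_regs },
    };
    ns_regs_t regs; memset(&regs, 0, sizeof regs);
    regs.r[1] = rn_value; regs.r[2] = rt_value; regs.r[15] = 0x80001000u;
    fault_info_t f = { insn, rn_value + (insn & 0xFFFu) };      /* every instruction used here has U=1 */
    case_result_t res;
    res.v = handle_access_fault(&f, &regs, tab, 2);
    res.rt = regs.r[(insn >> 12) & 0xFu];
    mmio_region_t *r = find_region(tab, 2, f.data_addr);
    res.mem = r ? r->backing[(f.data_addr - r->base) / 4] : 0;
    res.pc = regs.r[15];
    return res;
}

int main(void) {
    case_result_t a = run_case(0xE5910000u, 0x40000000u, 0);   /* LDR r0, [r1] from cloaked uart3 */
    case_result_t b = run_case(0xE5910000u, 0x40004000u, 0);   /* LDR r0, [r1] from uart4 */
    printf("cloaked load: verdict %d, r0 = 0x%x\n", a.v, a.rt);
    printf("allowed load: verdict %d, r0 = 0x%x\n", b.v, b.rt);
    return 0;
}
```

Two design points matter for a defender. The handler refuses to emulate (UNKNOWN) whenever the decoded address and the CPU-reported fault address disagree or the encoding is one it does not model, so a crafted or unusual instruction never turns into an unchecked access; and an address that faulted but is absent from the table defaults to DENY, since a fault from the firewall means the address lies in a protected group. The "optionally modify value" variant of Allow from the slide is not implemented here.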
Evaluation
Prototype for the Nitrogen6X board: i.MX6 SoC with ARM Cortex-A9 (1 GHz)
SeKernel implemented in <15k LoC:
- Based on a pared-down OP-TEE OS
- Includes drivers for the CSU, framebuffer, GPIO, and keypad
Benchmarks demonstrate reasonable overhead (repeated accesses to a WiFi controller register):

Instruction Execution Time (µs)
             Load (LDR)   Store (STR)
Baseline     0.11         0.29
Emulated     1.14         1.19
Summary
- SeCloak enforces user-specified on/off control policies
- A small enforcement kernel runs alongside any OS
Source code is available at: www.cs.umd.edu/projects/secureio
[Figure: SeCloak Enforcement beneath the Untrusted Apps & OS, switching Camera, Microphone, Location, Motion, Orientation, …, NFC, Bluetooth, WiFi, Cellular]
Backup Slides
- SeKernel: LoC Breakdown
- Micro: Emulated LDR/STRs
- Macro: Emulated Wi-Fi
- SeKernel: Emulation Details