An Attack on SMC-Based Software Protection [chapter]

Yongdong Wu, Zhigang Zhao, Tian Wei Chui
2006 Lecture Notes in Computer Science  
Hence SMC is an effective method to obstruct software disassembling. This paper presents a method which circumvents the SMC protection, thus improving the performance of disassembling.  ...  By disabling the write privilege to the code section, an access violation exception occurs when an SMC attempts to execute.  ...  Nonetheless, based on control flow graph information and statistical methods, Kruegel et al.  ... 
doi:10.1007/11935308_25 fatcat:vckpdq6hpngprd7v3g2hpxpuqu

Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone

Nikolaos Koutroumpouchos, Christoforos Ntantogian, Christos Xenakis
2021 Sensors  
The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws.  ...  on their security.  ...  Solutions for Software Vulnerabilities When it comes to software attacks, the main identified issues are entirely based on basic software attacks (control flow graph manipulation through buffer overflows  ... 
doi:10.3390/s21020520 pmid:33450919 fatcat:mamfndmbcjbl7cpnr2j6dlxir4

SOTPM: Software One-Time Programmable Memory to Protect Shared Memory on ARM TrustZone

Dongwook Shim, Dong Hoon Lee
2020 IEEE Access  
SOTPM is a software-implemented, one-time programmable shared memory.  ...  While an encryption-based method that resolves this limitation does exist, there are some architectural limitations.  ...  TrustedUI [21] and TrustedOTP leverage TrustZone to protect sensitive input in a user interface and support software-based one-time passwords.  ... 
doi:10.1109/access.2020.3047813 fatcat:vmwan2uajrhnrjjtz6h6okr3mu

Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities

Joseph I. Choi, Kevin R. B. Butler
2019 Security and Communication Networks  
This paper revisits the history of improvements to SMC over the years and considers the possibility of coupling trusted hardware with SMC.  ...  Trusted execution environments (TEEs) provide hardware-enforced isolation of code and data in use, making them promising candidates for making SMC more tractable.  ...  An add-on installed on the client's web browser first performs remote attestation of the server's password protection service.  ... 
doi:10.1155/2019/1368905 fatcat:izynm6msrvehfa3ghkw7tykk34

Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices

Yeongpil Cho, Jun-Bum Shin, Donghyun Kwon, MyungJoo Ham, Yuna Kim, Yunheung Paek
2016 USENIX Annual Technical Conference  
TrustZone-based approaches bloat the TCB of the system as they must increase the code base size of the most privileged software.  ...  Hypervisor-based approaches incur performance overhead on mobile devices that are already suffering from resource restrictions.  ...  Thus, OSP would have to provide two duplicate management interfaces which are implemented based on the SMC and the HVC instructions, and the normal world software would need to choose the proper interface  ... 
dblp:conf/usenix/ChoSKHKP16 fatcat:3dwlyjno6reevacolur6blvp7e

vTZ: Virtualizing ARM TrustZone

Zhichao Hua, Jinyu Gu, Yubin Xia, Haibo Chen, Binyu Zang, Haibing Guan
2017 USENIX Security Symposium  
We have implemented vTZ on Xen 4.8 on both ARMv7 and ARMv8 development boards.  ...  Specifically, vTZ uses a tiny monitor running within the physical TrustZone that securely interposes and virtualizes memory mapping and world switching. vTZ further leverages a few pieces of protected,  ...  Software-based TEE: There are many types of TEE that are based on hypervisor [68, 56, 26, 67, 44, 41, 46], or based on Linux kernel [31, 22, 27], or based on compiler [30, 29], to name a few.  ... 
dblp:conf/uss/HuaGXCZG17 fatcat:tbrqkkqp35g2phlkk3vrtxobhu


Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno
2017 Proceedings of the 26th Symposium on Operating Systems Principles - SOSP '17  
Intel SGX promises powerful security: an arbitrary number of user-mode enclaves protected against physical attacks and privileged software adversaries.  ...  Komodo illustrates an alternative approach to attested, on-demand, user-mode, concurrent isolated execution.  ...  These vary in their resilience to hardware attacks, size of the software trusted computing base, and granularity of protection.  ... 
doi:10.1145/3132747.3132782 dblp:conf/sosp/FerraiuoloBHP17 fatcat:wsua4s3a3nb4dcgtyfpzjtbqki

High-Order Observer-Based Sliding Mode Control for the Isolated Microgrid with Cyber Attacks and Physical Uncertainties

Hao Wang, He Jiang, Yan Zhao, Huanxin Guan, Bo Hu, Shunjiang Wang, Rui Wang
2020 Complexity  
Secondly, a HODO-based sliding mode control (SMC) strategy is proposed where the estimated value observed by the HODO is applied to the sliding mode surface and control law.  ...  Then, the stability of the HODO-based SMC is demonstrated by Lyapunov stability theory. Finally, simulation results show that the proposed control strategy has excellent control performance.  ...  SMC Based on the HODO. When the system is attacked, SMC is an effective control strategy to guarantee the security of the system.  ... 
doi:10.1155/2020/6662638 fatcat:r4x4j3akcvfwbopymm6cup73dm

Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture [article]

Xinyang Ge, Hayawardh Vijayakumar, Trent Jaeger
2014 arXiv pre-print
Using SPROBES, an introspection mechanism protected by TrustZone can instrument individual operating system instructions of its choice, receiving an unforgeable trap whenever any SPROBE is executed.  ...  While researchers have advocated using virtualization to detect and prevent attacks on operating systems (e.g., VM introspection and trusted virtual domains), virtualization is not practical on smartphone  ...  However, even with this limitation, an adversary can still launch attacks that reuse existing code, based on the idea of return-oriented programming [22] (ROP).  ... 
arXiv:1410.7747v1 fatcat:onuokqtnjnc67bwmyks4rhtjua

TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices

He Sun, Kun Sun, Yuewu Wang, Jiwu Jing, Haining Wang
2015 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks  
The trusted computing base (TCB) of TrustICE remains small and unchanged regardless of the amount of secure code being protected.  ...  It is a challenge to protect secure code from a malicious mobile OS. ARM TrustZone technology can protect secure code in a secure domain from an untrusted normal domain.  ...  An adversary is able to exploit software vulnerabilities to compromise the Rich OS and then launch attacks to compromise the code and data in ICEs.  ... 
doi:10.1109/dsn.2015.11 dblp:conf/dsn/SunSWJW15 fatcat:qharcdjt3rbdbe4ovnys2trd4u

Cost and Effectiveness of TrustZone Defense and Side-Channel Attack on ARM Platform

Naiwei Liu, Meng Yu, Wanyu Zang, Ravi S. Sandhu
2020 Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications  
However, the security design on ARM is severely challenged by different type of attackers. Side-channel attack is one of the major threats to ARM platform with TrustZone.  ...  Our experimental and theoretical evaluations can help in design of defense framework based on ARM TrustZone, and provide evidence of how efficient FLUSH operations can work in defense against cache threats  ...  The grants are for security research on cloud and systems.  ... 
doi:10.22667/jowua.2020.12.31.001 dblp:journals/jowua/LiuYZS20 fatcat:p5fij5o5pndh5mfibgdabmm3re

Sustaining Practices for On Demand & Deterministic Data Publishing using Privacy Preservation

Shubham Vishnudev Joshi
2020 International Journal of Software & Hardware Research in Engineering  
The time has changed on behalf of modular intervention of data and users. The data categories can be significantly determined.  ...  In today's age of hand held devices, smart phones, the data is just seat back in cloud and as per the use called on demand. Thus  ...  A detailed review of SMC research is feasible where a framework on unsolved inventory of  ... 
doi:10.26821/ijshre.8.4.2020.8407 fatcat:2pvdns7vcfcxzn2i4htsux6yiu

The Informatics Security Cost of Distributed Applications

2010 Theoretical and Applied Economics  
The software product for organizational identifier validation is destined for choosing organization names as clear and as different as possible from the ones already stored in the data base.  ...  level and maintains the growth potential of the company on an ascending trend.  ... 
doaj:1ede5ce8fe4e42d08aced098c6e2dd80 fatcat:ryymmbk5wzdtzi34vsr6abxgcy

SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems

David Cerdeira, Nuno Santos, Pedro Fonseca, Sandro Pinto
2020 2020 IEEE Symposium on Security and Privacy (SP)  
Hundreds of millions of mobile devices worldwide rely on Trusted Execution Environments (TEEs) built with Arm TrustZone for the protection of security-critical applications (e.g., DRM) and operating system  ...  Unfortunately, these attacks have been possible by the presence of security flaws in TEE systems.  ...  into an SMC call.  ... 
doi:10.1109/sp40000.2020.00061 dblp:conf/sp/Cerdeira0FP20 fatcat:pzj3uu3vvfb4ra24pre2c5s3jm

A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices [chapter]

Javier González, Michael Hölzl, Peter Riedl, Philippe Bonnet, René Mayrhofer
2014 Lecture Notes in Computer Science  
Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and Secure Element as a tamper-resistant unit.  ...  The first approach is often criticized for locking down devices, thus reducing users' freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification.  ...  Protection against these attacks using hardware based solutions assuring tamper resistance have been proposed in order to increase the protection of sensitive data on mobile devices [13].  ... 
doi:10.1007/978-3-319-13257-0_35 fatcat:mcck3qgwsnfkpaudicrtsebyxy