Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)

Security threat level estimation for untrusted software based on TrustZone technology

https://doi.org/10.15514/ISPRAS-2022-34(1)-3

Abstract

The paper proposes a model for assessing the security of information processed by untrusted software built from the components of TrustZone technology. The results of a vulnerability analysis of TrustZone implementations are presented, and the structure of a tool for analysing the security of trustlets is developed. The paper addresses the problem of assessing the trustworthiness of foreign-made software and hardware built on processors with the ARM architecture. The main results of the work are a classification of trustlets according to their assessed threat level and a model for estimating the threat level to the security of information processed by trustlets. Trustlets are software components that run in a trusted execution environment based on TrustZone technology on computers with ARM processors. The security of information processed by trustlets was assessed for several implementations of trusted execution environments. A structural scheme of the analysis tool, which identifies potentially dangerous code constructs in trustlet binaries, is presented, and the tool's algorithm for syntactic analysis of trustlet data is described. The security assessment is calculated from a set of features proposed by the authors. The resulting security assessment levels can be used to classify the trustlets that make up «trusted» operating systems based on TrustZone technology. The levels of potential threat to the security of the information they process are used to distinguish between trustlets during certification testing and vulnerability search. The results of the work are intended for use in certification testing of software for computers based on processors with the ARM architecture.

About the Authors

Dmitry Olegovich MARKIN
Russian Federation Security Guard Service Federal Academy
Russian Federation

Candidate of engineering sciences, employee of the Academy of the Federal Guard Service

Sergey Mikhailovich MAKEEV
Russian Federation Security Guard Service Federal Academy
Russian Federation

Candidate of engineering sciences, employee of the Academy of the Federal Guard Service

Trung Thaj HO
Russian Federation Security Guard Service Federal Academy
Russian Federation

Employee of the Academy of the Federal Guard Service


For citations:

MARKIN D.O., MAKEEV S.M., HO T. Security threat level estimation for untrusted software based on TrustZone technology. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2022;34(1):35-48. https://doi.org/10.15514/ISPRAS-2022-34(1)-3

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)