Observations over SPROBES Mechanism on the TrustZone Architecture

Bibliographic Details
Published in: 2019 22nd International Conference on Control Systems and Computer Science (CSCS), pp. 317-322
Main Authors: Vaduva, Jan-Alexandru, Dascalu, Stefan, Florea, Iulia-Maria, Culic, Iulia, Rughinis, Razvan
Format: Conference Proceeding
Language: English
Published: IEEE 01-05-2019
Description
Summary: In this paper we try to reproduce the results described in the paper "SPROBES: Enforcing Kernel Code Integrity on the TrustZone Architecture" [1]. The implementation revolves around the idea of protecting the operating system against rootkits with minimum overhead. It is described as an introspection mechanism implemented through TrustZone Secure Monitor Calls (SMC) and handled in the secure world. It can instrument any operating system instruction. Since the challenge with this implementation was to avoid being removed by a rootkit, five invariants were enforced and considered to be enough to protect the operating system. This implementation was done on Linux kernel 2.6.38 and used only 12 such SPROBES. Since the original article was written, the ARM market has continued to expand, with the TrustZone extension now available even on Cortex-M series systems. In addition to smartphones, as described in the previous article, the TrustZone extension is found in many IoT devices, such as the Raspberry Pi, and in high-end devices. We try to reimplement the above-mentioned work on a new 4.9 Linux kernel and the latest arm-trusted-firmware implementation for reference ARM 64 hardware in order to identify whether it could prove a viable software solution. We also provide feedback and observations on the whole process.
ISSN: 2379-0482
DOI: 10.1109/CSCS.2019.00057