Safe and Efficient Implementation of a Security System on ARM using Intra-level Privilege Separation

Published: 26 February 2019

Abstract

Security monitoring has long been considered a fundamental mechanism to mitigate the damage of a security attack. Recently, intra-level security systems have been proposed that can efficiently and securely monitor system software without any involvement of a more privileged entity. Unfortunately, there exists no full intra-level security system that can universally operate at any privilege level on ARM. However, as malware and attacks increase against virtually every level of privileged software, including an OS, a hypervisor, and even the highest privileged software armored by TrustZone, we have been motivated to develop an intra-level security system, named Hilps. Hilps realizes a true intra-level scheme at all these levels of privileged software on ARM by elaborately exploiting a new hardware feature of ARM’s latest 64-bit architecture, called TxSZ, that enables elastic adjustment of the accessible virtual address range. Furthermore, Hilps newly supports a sandbox mechanism that provides security tools with individually isolated execution environments, thereby minimizing security threats from untrusted security tools. We have implemented a prototype of Hilps on a real machine. The experimental results demonstrate that Hilps is quite promising for practical use in real deployments.

    Published In

    ACM Transactions on Privacy and Security  Volume 22, Issue 2
    May 2019
    214 pages
    ISSN:2471-2566
    EISSN:2471-2574
    DOI:10.1145/3316298
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 26 February 2019
    Accepted: 01 January 2019
    Revised: 01 January 2019
    Received: 01 December 2017
    Published in TOPS Volume 22, Issue 2

    Author Tags

    1. Security system
    2. isolation
    3. privilege separation

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Funding Sources

    • National Research Foundation of Korea (NRF)
    • IDEC
    • Automatic Deep Malware Analysis Technology for Cyber Threat Intelligence
    • Cloud-based Security Intelligence Technology Development for the Customized Security Service Provisioning
    • Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT)

    Cited By

    • (2023) DriverJar: Lightweight Device Driver Isolation for ARM. 2023 60th ACM/IEEE Design Automation Conference (DAC), 1-6. DOI: 10.1109/DAC56929.2023.10247974. Online publication date: 9-Jul-2023
    • (2022) Formal Modeling and Security Analysis for Intra-level Privilege Separation. Proceedings of the 38th Annual Computer Security Applications Conference, 88-101. DOI: 10.1145/3564625.3567984. Online publication date: 5-Dec-2022
    • (2022) Two-Factor Authentication for Safe Deposit Box Based on Embedded System. Proceedings of 2nd International Conference on Smart Computing and Cyber Security, 194-206. DOI: 10.1007/978-981-16-9480-6_18. Online publication date: 27-May-2022
    • (2021) A Hardware Platform for Ensuring OS Kernel Integrity on RISC-V. Electronics 10:17 (2068). DOI: 10.3390/electronics10172068. Online publication date: 26-Aug-2021
