DEARM: Hardening ARM through debloating and TCB minimization
Abstract
PI: Dr. Radu Sion, Stony Brook University. Total Funds Requested: $250,977.
ARM-powered devices increasingly access, process, and store confidential information and participate in sensitive authentication protocols, making them extremely attractive targets. Sophisticated attacks often focus on compromising the OS to subsequently gain direct access to user data. To mitigate the impact of such attacks, device manufacturers responded by offering hardware-rooted trusted environments that can protect secrets even in the presence of a compromised OS. Yet securely porting existing apps to such trusted environments is not easy, and once inside the trusted environment, app vulnerabilities can often be used to compromise the entire trusted environment. The DEARM project will build a TrustZone-based platform (i) securing sensitive data from a compromised OS through a judiciously crafted, minimal-TCB memory protection mechanism and (ii) eliminating the need to port apps to trusted environments. DEARM enables applications to store confidential data in memory regions protected from a compromised OS. Only approved, signed applications can access their associated protected memory regions. Data never leaves protected regions unencrypted. Further, applications can only communicate or declassify this data through DEARM-protected channels. DEARM thus ensures that application confidential data cannot be accessed, spoofed, or leaked by the OS, that the secure TCB is minimized, and that the overall code base is significantly debloated.
Technical Approach. DEARM will replace standard ARM Secure World applications (TAs) and most Secure World OS code with a small Secure World monitor. DEARM will then provide protected regions inside Normal World memory for developer-supplied Normal World Shielded Apps. Each region will be managed by a small Secure World TCB guaranteeing its data confidentiality and integrity, even when Shielded Apps execute under a compromised OS. DEARM will ensure that data inside this protected space is available in plaintext only to its corresponding verified Shielded App code.
Anticipated Outcomes. (i) Debloating and minimization of the trusted ARM TCB code running inside TrustZone; (ii) integrity for both application and kernel code, through OS instrumentation and process monitoring; (iii) confidentiality and integrity for sensitive data of applications running under an untrusted OS; (iv) additional application control-flow hardening, by randomizing and hiding application code from both other apps and the OS; (v) a secure protocol for communicating sensitive data with trusted remote servers through an untrusted Normal World network; and (vi) Normal World trusted I/O paths to peripherals, through protected DMA channels.
Impact on DoD Capabilities. ARM-powered devices are outnumbering other platforms. ARM-based processors now have 10 times the shipments of x86 chips and have overtaken Intel in performance. Research shows that ARM is about 25% of the cost and 25% of the power requirements of x86 processors, for about the same performance. This project presents a unique opportunity to resolve major security challenges in the ARM platform and provide the DoD with the tools needed to defeat tomorrow's adversaries.
Approved for Public Release
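The access policy the Technical Approach describes (only approved, signed Shielded Apps reach their own protected region; plaintext is returned only to the verified owner; data leaves the region only through an integrity-protected, encrypted DEARM channel to a trusted server) can be written down as a small reference model. The following Python is an added example, not DEARM's code or the project's design: it assumes a single vendor key that approves apps (HMAC stands in for the asymmetric signatures a real monitor would verify), a single channel key shared with the trusted remote server, and an HMAC counter-mode keystream plus tag in place of a real AEAD. Everything else (apps, keys, the session token) is constructed for the demo.

```python
import hashlib
import hmac
import os

# Added reference model of the policy in the DEARM abstract; not the project's code.
# Assumptions: one vendor key approves Shielded Apps (HMAC stands in for a real
# signature scheme); one channel key is shared with the trusted remote server
# (HMAC counter-mode keystream + HMAC tag stands in for a real AEAD cipher).


class AccessDenied(Exception):
    """Raised when a caller is not a verified Shielded App or owns no such region."""


def vendor_sign(vendor_key: bytes, code: bytes) -> bytes:
    """Vendor-side approval step: sign the SHA-256 digest of the app's code."""
    return hmac.new(vendor_key, hashlib.sha256(code).digest(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream derived with HMAC-SHA256 (toy stand-in for AEAD)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def channel_seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag, so data never leaves in plaintext."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def channel_open(key: bytes, blob: bytes) -> bytes:
    """Trusted remote server side: reject any blob the untrusted network altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise AccessDenied("channel blob failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Monitor:
    """Model of the small Secure World monitor that owns the protected regions."""

    def __init__(self, vendor_key: bytes, channel_key: bytes):
        self._vendor_key = vendor_key
        self._channel_key = channel_key
        self._regions = {}  # region id -> (owner code digest, bytearray)

    def _verify(self, code: bytes, signature: bytes) -> bytes:
        """Return the code digest iff (code, signature) is an approved Shielded App."""
        digest = hashlib.sha256(code).digest()
        expected = hmac.new(self._vendor_key, digest, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            raise AccessDenied("caller is not an approved Shielded App")
        return digest

    def _owned(self, rid: int, code: bytes, signature: bytes) -> bytearray:
        """Verify the caller and check it is the app the region was created for."""
        owner = self._verify(code, signature)
        region_owner, mem = self._regions[rid]
        if region_owner != owner:
            raise AccessDenied("region belongs to a different Shielded App")
        return mem

    def create_region(self, code: bytes, signature: bytes, size: int) -> int:
        owner = self._verify(code, signature)
        rid = len(self._regions)
        self._regions[rid] = (owner, bytearray(size))
        return rid

    def write(self, rid: int, code: bytes, signature: bytes, data: bytes) -> None:
        mem = self._owned(rid, code, signature)
        if len(data) > len(mem):
            raise ValueError("data exceeds region size")
        mem[:len(data)] = data

    def read(self, rid: int, code: bytes, signature: bytes) -> bytes:
        """Plaintext is returned only to the verified owner of the region."""
        return bytes(self._owned(rid, code, signature))

    def export(self, rid: int, code: bytes, signature: bytes) -> bytes:
        """Declassify region contents: they leave the region only sealed for the channel."""
        return channel_seal(self._channel_key, bytes(self._owned(rid, code, signature)))


def demo() -> dict:
    """Exercise the policy with constructed keys, apps and data; returns the outcomes."""
    vendor_key = b"constructed vendor key"
    channel_key = b"constructed key shared with trusted server"
    mon = Monitor(vendor_key, channel_key)
    app_a, app_b = b"shielded app A code", b"shielded app B code"
    sig_a, sig_b = vendor_sign(vendor_key, app_a), vendor_sign(vendor_key, app_b)
    rid = mon.create_region(app_a, sig_a, 32)
    mon.write(rid, app_a, sig_a, b"session-token-1234")
    res = {"owner_reads": mon.read(rid, app_a, sig_a).rstrip(b"\0")}
    attempts = {
        "other_app": (app_b, sig_b),              # a different, approved app
        "os_forged_sig": (app_a, sig_b),          # compromised OS presents A with wrong signature
        "tampered_app": (app_a + b"\x90", sig_a),  # modified A code with its old signature
    }
    for name, (code, sig) in attempts.items():
        try:
            mon.read(rid, code, sig)
            res[name] = "allowed"
        except AccessDenied:
            res[name] = "denied"
    blob = mon.export(rid, app_a, sig_a)
    res["export_is_ciphertext"] = b"session-token" not in blob
    res["server_plaintext"] = channel_open(channel_key, blob).rstrip(b"\0")
    tampered = blob[:20] + bytes([blob[20] ^ 0x01]) + blob[21:]  # flip one ciphertext bit
    try:
        channel_open(channel_key, tampered)
        res["tampered_blob"] = "accepted"
    except AccessDenied:
        res["tampered_blob"] = "rejected"
    return res


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The three denied attempts in `demo()` are the cases the abstract's policy is meant to close: another approved app, a compromised OS replaying a valid signature against different code, and an app whose code changed after signing. Binding the region to the code digest rather than to a process id is what makes the check hold even when the OS controls scheduling and naming.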
Document Details
- Document Type: DoD Grant Award
- Publication Date: May 05, 2021
- Source ID: N000142112407
Entities
People
- Radu Sion
Organizations
- Office of Naval Research
- Research Foundation for the State University of New York
- United States Navy