SOTPM: Software One-Time Programmable Memory to Protect Shared Memory on ARM Trustzone

Dongwook Shim, Dong Hoon Lee
DOI: https://doi.org/10.1109/access.2020.3047813
IF: 3.9
2021-01-01
IEEE Access
Abstract: In ARM TrustZone-based architecture, shared memory is one of the most useful schemes to enable isolated execution environments supported by TrustZone to communicate between environments. However, it is already known that shared memory is vulnerable to man-in-the-middle attacks since mechanisms to check integrity or authenticate callers for the shared memory payload are not supported in TrustZone. While an encryption-based method that resolves this limitation does exist, there are some architectural limitations. Indeed, even with key protection countermeasures applied, there is a risk that encryption keys may be leaked, as they are placed in insecure user memory during communication. Moreover, countermeasures for key leakage cause system performance overhead. In this paper, we propose a lightweight and secure scheme for shared memory, called Software One-Time Programmable Memory (SOTPM). SOTPM is a software-implemented, one-time programmable shared memory. It is based on the idea that payload encryption in the shared memory layer is unnecessary because sensitive data is already encrypted in the application layer before being written to the shared memory. SOTPM is set to read-only after data is written into SOTPM due to the one-time programmable characteristic. Therefore, attackers are unable to manipulate content in SOTPM during communication. Since it is not necessary for SOTPM to encrypt the payload in order to prevent malicious payload manipulation, it is possible to remove the risk of key leakage posed in previous studies. Additionally, in contrast with the existing method, our method can dramatically reduce system performance overhead. We implemented our prototype on an open-source hardware board with an Armv8-A processor and performed a security analysis and performance evaluation. The results show that SOTPM provides a sufficient level of security and less than 1% performance overhead, implying that SOTPM is a reasonable solution for current commercial products.
computer science, information systems; telecommunications; engineering, electrical & electronic