G5 Doctoral dissertation (article)
Manipulating the ARM hypervisor and TrustZone (2021)


Ben Yehuda, R. (2021). Manipulating the ARM hypervisor and TrustZone [Doctoral dissertation]. Jyväskylän yliopisto. JYU Dissertations, 406. http://urn.fi/URN:ISBN:978-951-39-8752-7


JYU authors or editors


Publication details

All authors or editorsBen Yehuda, Raz

eISBN978-951-39-8752-7

Journal or seriesJYU Dissertations

eISSN2489-9003

Publication year2021

Number in series406

Number of pages in the book1 verkkoaineisto (73 sivua, 120 sivua useina numerointijaksoina, 26 numeroimatonta sivua)

PublisherJyväskylän yliopisto

Place of PublicationJyväskylä

Publication countryFinland

Publication languageEnglish

Persistent website addresshttp://urn.fi/URN:ISBN:978-951-39-8752-7

Publication open accessOpenly available

Publication channel open accessOpen Access channel


Abstract

ARM architecture keeps extending, and new features are added in each edition of this processor’s architecture. We examine the various techniques to manipulate the ARM hypervisor. In this work, we present a new execution context in the Linux operating system, which we refer to as the hyplet. The hyplet is a technique in which a function of a regular Linux process is executed in the hypervisor. It is through the use of the hyplet that an additional security layer is put inside an executing Linux process, inaccessible to common user space or kernel space privileges. Also, the hyplet provides an infrastructure for a CFI (Control Flow Inspection) technique named C-FLAT, a virtual disk used to trap intruders (honeypot), and a method to acquire coherent memory images for forensics. The acquisition is performed slowly, thereby reduces heat and power, and therefore a good solution for battery-based devices such as smartphones. Also, we show that the hyplet, compared to other RPC (Remote Procedure Call) techniques, provides an extremely fast RPC among Linux Processes. Through the hyplet, it is also possible to execute ISR (interrupt service routine) in a regular user-space Linux process. In Linux it is possible to offload a processor, usually to reduce power. We combined offloading a processor and the hyplet to demonstrate hard real-time. This technology is referred to as the offline hyplet. The offline hyplet demonstrates high-resolution timers, 20Khz, on a relatively slow ARM processor, executing a userspace routine inside a regular Linux process. Other than that, our research presents the hyperwall, a technology to protect network cards. Lastly, we provide a tutorial for a DMA attack on TrustZone running the OP-TEE operating system.


Keywordsprocessorsdata securityvirtualisationLinux

Free keywordshypervisor; TrustZone; ARM; virtualization; real-time; safety


Contributing organizations


Ministry reportingYes

Reporting Year2021


Last updated on 2024-03-04 at 18:06