G5 Doctoral dissertation (article)
Manipulating the ARM hypervisor and TrustZone (2021)

Ben Yehuda, R. (2021). Manipulating the ARM hypervisor and TrustZone [Doctoral dissertation]. Jyväskylän yliopisto. JYU Dissertations, 406. http://urn.fi/URN:ISBN:978-951-39-8752-7

JYU authors or editors

Publication details

All authors or editors: Ben Yehuda, Raz

eISBN: 978-951-39-8752-7

Journal or series: JYU Dissertations

eISSN: 2489-9003

Publication year: 2021

Number in series: 406

Number of pages in the book: 1 online resource (73 pages, 120 pages in several numbering sequences, 26 unnumbered pages)

Publisher: Jyväskylän yliopisto

Place of Publication: Jyväskylä

Publication country: Finland

Publication language: English

Persistent website address: http://urn.fi/URN:ISBN:978-951-39-8752-7

Publication open access: Openly available

Publication channel open access: Open Access channel


The ARM architecture keeps extending, and new features are added in each edition of this processor's architecture. We examine the various techniques to manipulate the ARM hypervisor. In this work, we present a new execution context in the Linux operating system, which we refer to as the hyplet. The hyplet is a technique in which a function of a regular Linux process is executed in the hypervisor. It is through the use of the hyplet that an additional security layer is put inside an executing Linux process, inaccessible to common user space or kernel space privileges. Also, the hyplet provides an infrastructure for a CFI (Control Flow Inspection) technique named C-FLAT, a virtual disk used to trap intruders (honeypot), and a method to acquire coherent memory images for forensics. The acquisition is performed slowly, thereby reducing heat and power, and is therefore a good solution for battery-based devices such as smartphones. Also, we show that the hyplet, compared to other RPC (Remote Procedure Call) techniques, provides an extremely fast RPC among Linux processes. Through the hyplet, it is also possible to execute an ISR (interrupt service routine) in a regular user-space Linux process. In Linux it is possible to offload a processor, usually to reduce power. We combined offloading a processor and the hyplet to demonstrate hard real-time. This technology is referred to as the offline hyplet. The offline hyplet demonstrates high-resolution timers, 20 kHz, on a relatively slow ARM processor, executing a user-space routine inside a regular Linux process. Other than that, our research presents the hyperwall, a technology to protect network cards. Lastly, we provide a tutorial for a DMA attack on TrustZone running the OP-TEE operating system.

Keywords: processors; data security; virtualisation; Linux

Free keywords: hypervisor; TrustZone; ARM; virtualization; real-time; safety

Contributing organizations

Ministry reporting: Yes

Reporting Year: 2021

Last updated on 2022-24-11 at 20:50