TrustDump:Reliable Memory Acquisition on Smartphones

 1

September 1, 2014

Outline

Motivation Background TrustDump Architecture Implementation Details Evaluation Summary

2

Outline

Motivation Background TrustDump Architecture Implementation Details Evaluation Summary

3

4

Memory Forensics on Smartphones

In-the-box approach (Thing et al., 2010; Sylve et al., 2011) Vulnerable to armored malware using anti-forensics

Virtual Machine Introspection (VMI) (Yan et al., 2012) Trusted Computing Base (TCB) is large

Hardware-based solution: ( Android Debug Bridge (ADB), JTAG, Chip-off) ADB and JTAG: need the support of the forensic target Chip-off: physical damage and usually irreversible

Goals

Reliable Against malicious mobile OS Withstand mobile OS crash

Small TCB Non-invasive

5

ARM TrustZone

TrustZone Background

TrustZone A system-wide approach Two isolated execution

domains: secure domain and normal domain

TZIC (TrustZone Interrupt Controller) Secure interrupt--FIQ Non-secure interrupt--IRQ

GPIO (General Purpose I/O)

6

SupervisorFIQ……

System

Non-secure Privileged

Mode

SupervisorFIQ……

SystemSecure

PrivilegedMode other

than Monitor Mode

Monitor

SCR.NS=1 SCR.NS=0

SMC

SMC or other

methods

SetNS=1

Change mode

Change mode

User User

Non-secure State

Secure State

Recent Work on TrustZone

Trusted Application (TA) deployed in TrustZone in the payments at point of sale (POS) (Marforio et al., NDSS’14)

Trusted Language Runtime in TrustZone (Santos et al., ASPLOS’14)

Isolate Guest OS and Hypervisor with TrustZone (Kalkowski et al., FOSDEM ’14)

7

TrustDump Architecture8

Rich OS

Normal Domain Secure Domain

Reliable Switching

Data Acquisition

Exporting

Analysis

Monitor

Remote Monitor

TrustDumper

TrustDump Architecture

TrustDump Deployment Port Rich OS to the normal domain Install the TrustDumper in the secure domain

Reliable Switching Non-maskable interrupt (NMI)

Data Acquisition and Transmission Online and offline memory forensics

9

Rich OS

Normal Domain Secure Domain

Reliable Switching

Data Acquisition

Exporting

Analysis

Monitor

Remote Monitor

TrustDumper

10

Implementation Details

Freescale i.MX53 Quick Start Board A Cortex-A8 1GHz Processor 1GB DDR3 RAM 4GB MicroSD card

Android 2.3.4 in normal domain Thinkpad-T430

TrustDump Deployment

Android Porting Based on the Board Support Package published by Adeneo Embedded Intended to run in the secure domain

Access resource of secure domain in normal domain: secure I/O interfaces void secure_write(unsigned int data, unsigned int pa); unsigned int secure_read(unsigned int pa);

Self-contained TrustDumper in the secure domain

11

Interrupt Control Flow12

Peripheral

Interrupt Control Unit

Interrupt Request

2

AX

I an

d A

HB

Bus

esInterrupt Request

1

Interrupt Engine

TZIC

FIQIRQ

3 FIQ

IRQ

4 ARM Processor

Secure Configuration Register(SCR)

Current Program Status Register

(CPSR)

Reliable Switching

Configure User-defined button 1 as NMII. Enable FIQ exception: CPSR.F=0

II. Ensure CPSR.F cannot be modified by the normal domain: SCR.FW=0

III. Enforce the ARM processor to branch to the monitor mode on an FIQ exception: SCR.FIQ=1

IV. Configure GPIO-2 as secure peripheral

13

Conflict of Peripheral Access

Button 1 is for NMI in secure domain and Button 2 is used as the Home Key in normal domain

14

Disable the non-secure access to Button 1

The non-secure access to Button 2 is disabled

User-defined Button 1 and 2 share the same access policy

Fine-grained Peripheral Control

Set the peripherals sharing the same policy as secure peripheral Release those peripherals needed in the normal domain by

adding them into the Whitelist in secure domain The Rich OS uses the secure I/O interfaces to access the

released peripherals

15

Conflict of Interrupt Generation

One interrupt number for all the 32 pins of GPIO-2 Button 2 will trigger the same NMI, instead of serving as the

Home Key as designed in the Rich OS Forward the interrupt requests of button 1 and button 2 to

different domains

16

Fine-grained Interrupt Control17

MonitorRich OS

Normal Domain Secure Domain

IRQ Exception Handler

Operation Codes

Interrupt Number

Hardware InterruptIRQ

For Rich OSFIQ

ExceptionHandler

Interrupt NumberButton

1

Button 2

FIQ Exception Handler

FIQ

NMI

TrustDumper

TrustDumper

Data Acquisition and Transmission Integrity Checking and Rootkit Detection

18

struct task_struct{……

struct list_head tasks;……

pid_t pid;……

struct mm_struct *mm; ……}

current task

struct thread_info{unsigned long flags;int preempt_count;

mm_segment_t addr_limit;struct task_struct *task;

…………}

current thread_info

struct task_struct{……

struct list_head tasks;……

pid_t pid;……

struct mm_struct *mm; ……}

next task

tasks

struct task_struct{……

struct list_head tasks;……

pid_t pid;……

struct mm_struct *mm; ……}

previous task

struct task_struct{……

struct list_head tasks;……

pid_t pid;……

struct mm_struct *mm; ……}

stack pointer & (0x1FFFF)

Evaluation

Switching time NMI: 1.7 us SMC: 0.3 us

Memory Dumping Performance

19

Scale (Byte) Bit rate (bit/s)

DMA CPU

10 92178.12 92178.49

100 92163.38 92165.45

1K 92163.01 92163.43

10K 92163.09 92163.11

Analysis time Kernel Integrity Checking:

hardware (1.56 ms), software (578.6 ms)

Processes Traversing: 2.13 ms

Summary

TrustDump Reliable memory acquisition mechanism based on TrustZone Hardware-assisted isolation NMI as the reliable switching Fine-grained peripheral control and fine-grained interrupt control

20

Thanks! Questions?

hsun01@wm.edu

21