Memory Forensics on Smartphones
- In-the-box approach (Thing et al., 2010; Sylve et al., 2011): vulnerable to armored malware using anti-forensics
- Virtual Machine Introspection (VMI) (Yan et al., 2012): the Trusted Computing Base (TCB) is large
- Hardware-based solutions (Android Debug Bridge (ADB), JTAG, chip-off):
  - ADB and JTAG need the support of the forensic target
  - Chip-off causes physical damage and is usually irreversible
Goals
- Reliable: works against a malicious mobile OS and withstands a mobile OS crash
- Small TCB
- Non-invasive
ARM TrustZone
TrustZone Background
- TrustZone: a system-wide approach with two isolated execution domains, the secure domain and the normal domain
- TZIC (TrustZone Interrupt Controller): secure interrupt is FIQ, non-secure interrupt is IRQ
- GPIO (General Purpose I/O)
[Figure: ARM processor modes and security states. The Non-secure state (SCR.NS=1) and the Secure state (SCR.NS=0) each contain a User mode and privileged modes (Supervisor, FIQ, System, ...). Monitor mode sits between the two states: it is entered from the non-secure privileged modes by SMC, and from the secure privileged modes other than Monitor mode by SMC or other methods; the monitor sets NS=1 or changes mode to return to either state.]
Recent Work on TrustZone
Trusted Application (TA) deployed in TrustZone for payments at point of sale (POS) (Marforio et al., NDSS'14)
Trusted Language Runtime in TrustZone (Santos et al., ASPLOS’14)
Isolate Guest OS and Hypervisor with TrustZone (Kalkowski et al., FOSDEM ’14)
TrustDump Architecture
[Figure: TrustDump architecture. The Normal Domain runs the Rich OS. The Secure Domain holds the Monitor and the TrustDumper, whose components are Reliable Switching, Data Acquisition, Exporting and Analysis; acquired data is exported to a Remote Monitor.]
TrustDump Architecture
- TrustDump Deployment: port the Rich OS to the normal domain and install the TrustDumper in the secure domain
- Reliable Switching: non-maskable interrupt (NMI)
- Data Acquisition and Transmission: online and offline memory forensics
Implementation Details
- Freescale i.MX53 Quick Start Board: a Cortex-A8 1GHz processor, 1GB DDR3 RAM, 4GB MicroSD card
- Android 2.3.4 in the normal domain
- Thinkpad-T430
TrustDump Deployment
- Android Porting: based on the Board Support Package published by Adeneo Embedded, which is intended to run in the secure domain
- Access resources of the secure domain from the normal domain through secure I/O interfaces:
    void secure_write(unsigned int data, unsigned int pa);
    unsigned int secure_read(unsigned int pa);
- Self-contained TrustDumper in the secure domain
Interrupt Control Flow
[Figure: Interrupt control flow. (1) A peripheral raises an interrupt request to the Interrupt Control Unit over the AXI and AHB buses; (2) the Interrupt Engine passes the request to the TZIC; (3) the TZIC signals the ARM processor with FIQ or IRQ; (4) the processor takes the exception according to the Secure Configuration Register (SCR) and the Current Program Status Register (CPSR).]
Reliable Switching
Configure User-defined button 1 as NMI:
  I. Enable FIQ exception: CPSR.F=0
  II. Ensure CPSR.F cannot be modified by the normal domain: SCR.FW=0
  III. Enforce the ARM processor to branch to the monitor mode on an FIQ exception: SCR.FIQ=1
  IV. Configure GPIO-2 as a secure peripheral
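As an added illustration (not the paper's code), a small C model of the SCR and CPSR bits that steps I to III manipulate; it lets a compromised Rich OS attempt to set CPSR.F and checks whether the NMI would still reach the monitor, which is what step II guarantees. The bit positions are the ARMv7 ones; the register values and the start state are constructed.

```c
#include <stdbool.h>
#include <stdint.h>

/* Model of the ARMv7 Secure Configuration Register (SCR, accessed on real
 * hardware with MRC/MCR p15, 0, Rt, c1, c1, 0) and of CPSR.F. Bit positions
 * are the architectural ones; the values below are constructed, not read
 * from hardware. */
#define SCR_FIQ (1u << 2)   /* 1 = FIQ exceptions are taken in monitor mode   */
#define SCR_FW  (1u << 4)   /* 1 = CPSR.F may be modified in non-secure state */
#define CPSR_F  (1u << 6)   /* 1 = FIQ masked                                 */

struct core_state { uint32_t scr; uint32_t cpsr; };

/* Steps I to III of the reliable-switching setup, run from the secure domain. */
void setup_reliable_switching(struct core_state *cs)
{
    cs->cpsr &= ~CPSR_F;    /* I.   enable FIQ: CPSR.F = 0            */
    cs->scr  &= ~SCR_FW;    /* II.  normal domain cannot write CPSR.F */
    cs->scr  |=  SCR_FIQ;   /* III. FIQ branches to monitor mode      */
}

/* A CPSR write issued by the Rich OS (non-secure privileged mode). The
 * architecture ignores the write to CPSR.F while SCR.FW == 0. */
void nonsecure_write_cpsr(struct core_state *cs, uint32_t new_cpsr)
{
    uint32_t locked = (cs->scr & SCR_FW) ? 0u : CPSR_F;  /* bits kept as-is */
    cs->cpsr = (cs->cpsr & locked) | (new_cpsr & ~locked);
}

/* Would an FIQ asserted now reach the monitor, and so the TrustDumper? */
bool nmi_reaches_monitor(const struct core_state *cs)
{
    return (cs->cpsr & CPSR_F) == 0 && (cs->scr & SCR_FIQ) != 0;
}

/* Scenario: after setup, a compromised Rich OS tries to mask FIQ with
 * CPSR.F = 1. Returns true if the NMI still reaches the monitor.
 * skip_step_ii models leaving SCR.FW set, i.e. omitting step II. */
bool nmi_survives_rich_os_masking(bool skip_step_ii)
{
    struct core_state cs = { 0u, CPSR_F };       /* constructed start state */
    setup_reliable_switching(&cs);
    if (skip_step_ii) cs.scr |= SCR_FW;
    nonsecure_write_cpsr(&cs, cs.cpsr | CPSR_F);
    return nmi_reaches_monitor(&cs);
}
```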
Conflict of Peripheral Access
Button 1 is used for the NMI in the secure domain, and Button 2 is used as the Home Key in the normal domain.
Disabling the non-secure access to Button 1 also disables the non-secure access to Button 2, because user-defined Buttons 1 and 2 share the same access policy.
Fine-grained Peripheral Control
- Set the peripherals sharing the same policy as secure peripherals
- Release those peripherals needed in the normal domain by adding them to the Whitelist in the secure domain
- The Rich OS uses the secure I/O interfaces to access the released peripherals
Conflict of Interrupt Generation
- One interrupt number is shared by all 32 pins of GPIO-2
- Button 2 would trigger the same NMI instead of serving as the Home Key as designed in the Rich OS
- Solution: forward the interrupt requests of Button 1 and Button 2 to different domains
Fine-grained Interrupt Control
[Figure: Fine-grained interrupt control. Button 1 and Button 2 both raise the shared GPIO-2 hardware interrupt, which is delivered as FIQ to the Monitor in the Secure Domain. The Monitor's FIQ exception handler inspects the interrupt number and operation codes: Button 1 is treated as the NMI and handled by the TrustDumper, while Button 2's request is forwarded as an IRQ to the Rich OS's IRQ exception handler in the Normal Domain.]
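Added example, not the TrustDump implementation: a C model of the monitor's FIQ handler that routes the shared GPIO-2 interrupt by pin rather than by interrupt number, sending Button 1 to the TrustDumper and a whitelisted Button 2 back to the Rich OS. The pin numbers and the two registers are assumptions, not the i.MX53 layout.

```c
#include <stdbool.h>
#include <stdint.h>

/* Monitor-side FIQ dispatch for GPIO-2, whose 32 pins share one interrupt
 * number. Pin numbers and register fields are constructed assumptions. */
#define GPIO2_PINS  32u
#define BUTTON1_PIN 10u     /* NMI for the TrustDumper (assumed pin) */
#define BUTTON2_PIN 11u     /* Home Key of the Rich OS (assumed pin)  */

struct gpio2 {
    uint32_t isr;        /* one pending bit per pin                           */
    uint32_t whitelist;  /* pins released to the Rich OS by the secure domain */
};

struct dispatch {
    bool     ran_trustdumper;   /* the NMI was serviced in the secure domain */
    uint32_t forwarded_pins;    /* re-injected to the Rich OS as an IRQ      */
    uint32_t dropped_pins;      /* secure pins the Rich OS never sees        */
};

/* Runs on every FIQ from GPIO-2. The shared interrupt number says nothing
 * about which button fired, so routing is decided per pending pin. */
struct dispatch monitor_fiq_handler(struct gpio2 *g)
{
    struct dispatch d = { false, 0u, 0u };
    uint32_t pending = g->isr;
    g->isr = 0u;                            /* acknowledge in the secure domain */
    for (uint32_t pin = 0; pin < GPIO2_PINS; pin++) {
        uint32_t bit = 1u << pin;
        if (!(pending & bit)) continue;
        if (pin == BUTTON1_PIN)          d.ran_trustdumper = true;
        else if (g->whitelist & bit)     d.forwarded_pins |= bit;
        else                             d.dropped_pins   |= bit;
    }
    return d;
}

/* Scenario helper: one FIQ with the given pending pins; only Button 2 is
 * whitelisted for the Rich OS. */
struct dispatch press(uint32_t pending_mask)
{
    struct gpio2 g = { pending_mask, 1u << BUTTON2_PIN };   /* constructed */
    return monitor_fiq_handler(&g);
}
```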
Data Acquisition and Transmission Integrity Checking and Rootkit Detection
[Figure: Process traversal. The current thread_info is located from the stack pointer (labelled "stack pointer & (0x1FFFF)" in the figure); its task pointer gives the current task_struct, whose tasks list_head links to the next task and the previous task in a circular list. Each task_struct box shows: struct list_head tasks; pid_t pid; struct mm_struct *mm. The thread_info box shows: unsigned long flags; int preempt_count; mm_segment_t addr_limit; struct task_struct *task.]
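Added example (not the paper's analysis code): a C walk of the circular tasks list as drawn in the figure, starting from the thread_info found at the base of the current kernel stack and checking each forward link against its back link as a simple integrity check. It assumes Linux's ARM convention, sp & ~(THREAD_SIZE - 1) with THREAD_SIZE = 8192, and runs over a constructed in-memory image rather than a real dump.

```c
#include <stddef.h>
#include <stdint.h>

/* Structs keep only the fields the figure names; the "kernel image" below
 * is constructed in memory, not read from a device. */
#define THREAD_SIZE 8192u   /* Linux ARM kernel stack; thread_info at its base */
#define MAX_TASKS   16

struct list_head   { struct list_head *next, *prev; };
struct task_struct { struct list_head tasks; int pid; void *mm; };
struct thread_info { unsigned long flags; int preempt_count; struct task_struct *task; };

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

static struct thread_info *thread_info_from_sp(uintptr_t sp)
{
    return (struct thread_info *)(sp & ~(uintptr_t)(THREAD_SIZE - 1));
}

/* Collects PIDs starting at the current task. Each forward link is checked
 * against its back link; returns -1 on an inconsistent or runaway list. */
int walk_tasks(uintptr_t sp, int *pids, int max)
{
    struct task_struct *cur = thread_info_from_sp(sp)->task;
    struct list_head *head = &cur->tasks, *p = head;
    int n = 0;
    do {
        if (p->next->prev != p || n == max) return -1;
        pids[n++] = container_of(p, struct task_struct, tasks)->pid;
        p = p->next;
    } while (p != head);
    return n;
}

int demo_pids[MAX_TASKS];   /* filled by demo_traverse() */

/* Constructed image: three tasks (pids 1, 42, 77) in a ring, with the
 * current kernel stack belonging to pid 42. Returns the task count. */
int demo_traverse(void)
{
    static struct task_struct t[3] = { {{0, 0}, 1, 0}, {{0, 0}, 42, 0}, {{0, 0}, 77, 0} };
    static unsigned char stack[THREAD_SIZE] __attribute__((aligned(THREAD_SIZE)));
    for (int i = 0; i < 3; i++) {
        t[i].tasks.next = &t[(i + 1) % 3].tasks;
        t[i].tasks.prev = &t[(i + 2) % 3].tasks;
    }
    ((struct thread_info *)stack)->task = &t[1];
    return walk_tasks((uintptr_t)stack + THREAD_SIZE - 64, demo_pids, MAX_TASKS);
}
```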
Evaluation
Switching time: NMI 1.7 us; SMC 0.3 us
Memory Dumping Performance
Scale (Byte)   Bit rate, DMA (bit/s)   Bit rate, CPU (bit/s)
10             92178.12                92178.49
100            92163.38                92165.45
1K             92163.01                92163.43
10K            92163.09                92163.11
Analysis time:
- Kernel Integrity Checking: hardware (1.56 ms), software (578.6 ms)
- Processes Traversing: 2.13 ms
Summary
TrustDump: a reliable memory acquisition mechanism based on TrustZone
- Hardware-assisted isolation
- NMI as the reliable switching
- Fine-grained peripheral control and fine-grained interrupt control