Understanding the Capabilities of Privileged Attackers Against Trusted Execution Environments
dc.contributor.author
Puddu, Ivan
dc.contributor.supervisor
Capkun, Srdjan
dc.contributor.supervisor
Kurmus, Anil
dc.contributor.supervisor
McCune, Jonathan M.
dc.contributor.supervisor
Shinde, Shweta
dc.date.accessioned
2023-05-16T09:37:31Z
dc.date.available
2023-05-01T13:35:03Z
dc.date.available
2023-05-14T21:26:13Z
dc.date.available
2023-05-15T09:39:46Z
dc.date.available
2023-05-16T09:37:31Z
dc.date.issued
2023
dc.identifier.uri
http://hdl.handle.net/20.500.11850/610177
dc.identifier.doi
10.3929/ethz-b-000610177
dc.description.abstract
Our lives today rely on the secure operation of computers in a diverse set of sectors, from energy to medicine. However, today's computers execute software bloated with complexity. Their large codebases provide a rich and versatile system, but most functionalities are often not needed in their target applications. This increases the trusted computing base (TCB) – the software and hardware that needs to be trusted for the system to work correctly. A large TCB is undesirable, as it gives attackers a higher likelihood to find and exploit vulnerabilities. Most of this complexity comes from the system software, that is, the operating system (OS) and the hypervisor. Despite this, the system software's codebase cannot generally be removed from the TCB, as it executes with the highest privileges.
Thanks to additional hardware primitives, Trusted Execution Environments (TEEs) break this paradigm, allowing even system software to be removed from the TCB. Most CPU manufacturers and architectures support some form of TEE: they can be found on Intel and AMD CPUs, as well as on ARM and RISC-V architectures. Their advent is promising, as they aim to let applications operate securely both when the (more privileged) system software is malicious and when a physical attacker can tamper with the system. Arguably, however, the guarantees that can be provided against such a strong and privileged attacker are not fully understood and often lead to TEE designs that make compromises invalidating the protections that they aim to provide. For example, previous work shows that the OS can abuse the CPU memory management interface to get notified when the TEE accesses attacker-specified memory regions, breaking data confidentiality. Understanding the capabilities of privileged attackers thus leads to more accurate designs and a more secure computing environment for everyone.
In this thesis, we contribute to the efforts of understanding the capabilities of privileged attackers in the context of TEEs in four main directions. First, we develop the Frontal attack, which shows that leveraging the OS to issue interrupts frequently leads to the CPU exposing detailed instruction execution timings, which can be used as a side channel. This side channel is detailed enough to leak encryption keys from a TEE and thus break data confidentiality. Second, we show that current commercial TEEs struggle to provide code confidentiality against a privileged attacker. Notably, we observe that using interpreters or JIT compilers inside TEEs – a popular choice due to their convenience and flexibility – leaks significantly more confidential instructions compared to a baseline where native instructions are used instead.
The third and fourth contributions relate to attestation protocols, which are used to verify that a TEE is protecting a given application. We emphasize the impact of previously neglected aspects in attestation protocols in both these contributions. In the third contribution, we highlight that relay attacks, while once thought to be tolerable given the TEE protections, enhance the capabilities of a privileged attacker. Finally, in the fourth contribution, we show that current attestation protocols implicitly assume trust in the TEE manufacturer at runtime – despite the manufacturers often claiming otherwise. While this implicit trust in the TEE manufacturer is often overlooked, our analysis shows that it is a concrete threat in practice and should thus be accounted for in future attestation protocols.
en_US
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
ETH Zurich
en_US
dc.rights.uri
http://rightsstatements.org/page/InC-NC/1.0/
dc.subject
Hardware Security
en_US
dc.subject
Trusted Execution Environments
en_US
dc.subject
Side channel attacks
en_US
dc.subject
System security
en_US
dc.title
Understanding the Capabilities of Privileged Attackers Against Trusted Execution Environments
en_US
dc.type
Doctoral Thesis
dc.rights.license
In Copyright - Non-Commercial Use Permitted
dc.date.published
2023-05-15
ethz.size
219 p.
en_US
ethz.code.ddc
DDC - DDC::0 - Computer science, information & general works::004 - Data processing, computer science
en_US
ethz.identifier.diss
29091
en_US
ethz.publication.place
Zurich
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03755 - Capkun, Srdan / Capkun, Srdan
en_US
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03755 - Capkun, Srdan / Capkun, Srdan
en_US
ethz.date.deposited
2023-05-01T13:35:04Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2024-02-02T23:12:41Z
ethz.rosetta.lastUpdated
2024-02-02T23:12:41Z
ethz.rosetta.versionExported
true