Countermeasure against Side-Channel Attack in Shared Memory of TrustZone
Na-Young Ahn, and Dong Hoon Lee
TL;DR
This paper proposes multiple countermeasures to mitigate side-channel attacks in TrustZone's shared memory, including cache policies, timing equalization, and security flow control, enhancing security and integrity in mobile devices.
Contribution
It introduces novel countermeasures such as zero-contention cache, timing equalization, and Clark-Wilson based flow control for TrustZone's shared memory security.
Findings
Countermeasures effectively prevent TruSpy attacks.
Timing equalization reduces timing side-channel leakage.
Flow control improves information integrity.
Abstract
In this paper we introduced countermeasures against side-channel attacks in the shared memory of TrustZone. We proposed zero-contention cache memory or policy between REE and TEE to prevent from TruSpy attacks in TrustZone. And we suggested that delay time of data path of REE is equal or similar to that of data path of TEE to prevent timing side-channel attacks. Also, we proposed security information flow control based on the Clark-Wilson model, and built the information flow control mechanism using Authentication Tokenization Program (ATP). Accordingly we can expect the improved integrity of the information content between REE and TEE on mobile devices.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Cloud Data Security Solutions · Access Control and Trust