SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems
Assistant Professor Pedro Fonseca and his colleagues’ paper, “SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems,” was accepted at the 2020 IEEE Symposium on Security and Privacy. The event, hosted virtually due to COVID-19 concerns, runs from May 18 – May 20, 2020.
Fonseca’s paper presents a vulnerability study of TrustZone-assisted Trusted Execution Environments (TEEs). TEEs are a key security mechanism for protecting the integrity and confidentiality of applications. By leveraging dedicated hardware, they enable security-sensitive applications to execute inside protected domains that are isolated from the platform’s operating system.
Arm TrustZone has become the de facto hardware technology to implement TEEs in mobile environments and has been employed in industrial control systems, servers, and low-end devices. In the future, where trillions of TrustZone-enabled IoT devices are expected worldwide, TEEs can provide secure environments for data processing at the edge.
TEEs are generally assumed to be more secure than modern operating systems because of the hardware-based separation enforced by TrustZone technology and their smaller Trusted Computing Base (TCB). For this reason, TEEs have become widely adopted for securing mobile devices against malware. For instance, Android platforms incorporate TrustZone-assisted TEEs to secure application-specific operations involving user authentication, online banking, or digital rights management. Unfortunately, some of these systems have been exploited in the past, which has cast doubt on the real security guarantees that existing commercial TEEs can effectively provide.
Despite the common belief that TEEs are secure due to their hardware-enforced isolation and small TCB, Fonseca’s study reports numerous pieces of evidence that question this assumption. In particular, current TEE systems have serious limitations at the implementation, architecture, and hardware levels that can introduce exploitable vulnerabilities affecting millions of devices. Based on their analysis, the authors highlight multiple state-of-the-art defenses, proposed by the research community, that could make commercial TEE systems substantially more secure.
View the entire paper.