{"title":"Memory corruption attacks within Android TEEs: a case study based on OP-TEE","authors":"Fabian Fleischer, Marcel Busch, Phillip Kuhrt","doi":"10.1145/3407023.3407072","DOIUrl":null,"url":null,"PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3407023.3407072","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Memory corruption attacks within Android TEEs: a case study based on OP-TEE
Many security-critical services on mobile devices rely on Trusted Execution Environments (TEEs). However, due to the proprietary and locked-down nature of TEEs, the available information about these systems is scarce. In recent years, we have witnessed several exploits targeting all major commercially used TEEs, which raises questions about the capabilities of TEEs to provide the expected integrity and confidentiality guarantees. In this paper, we evaluate the exploitability of TEEs by analyzing common flaws from the perspective of an adversary. We provide multiple vulnerable TEE applications for OP-TEE, a reference implementation for TEEs, and elaborate on the steps necessary for their exploitation on an Android system. Our vulnerable examples are inspired by real-world exploits seen in-the-wild on commercially used TEEs. With this work, we provide developers and researchers with introductory knowledge to realistically assess the capabilities of TEEs. For these purposes, we also make our examples publicly available.