Current AI and IoT edge devices run complex applications and are under threat from stealthy attacks that are not easily detected by traditional security systems. Provenance auditing is a promising technique for determining the ramifications of an attack from a DAG (Directed Acyclic Graph) of event logs. However, provenance auditing was originally designed for personal computers and is not suitable for edge devices. Introducing provenance auditing on edge devices therefore raises the following three problems. (1) Current edge devices have relatively powerful CPUs, but these are not powerful enough for provenance auditing. (2) Most provenance auditing tools are developed as normal applications, and the log data is exposed to an untrusted area. (3) Most edge devices are used outdoors without an administrator (e.g., smart city) and must be managed by secure M2M (Machine to Machine). To address these problems, we propose TEE-PA, which securely collects system call logs on an edge device using a TEE (Trusted Execution Environment) and sends them to a remote provenance auditing system on a powerful server. The system call logs are transferred directly from the kernel to the TEE and are not exposed to administrators or attackers, making TEE-PA more secure than traditional provenance auditing. Although the kernel runs in an untrusted REE (Rich Execution Environment) and has a semantic gap from the TEE, TEE-PA offers a semi-TCB (Trusted Computing Base) that measures the kernel integrity check mechanism from the TEE at boot time and partially trusts the kernel. Operational correctness is periodically confirmed by unpredictable heartbeat messages sent from the remote provenance auditing server. If correctness is not confirmed in the logs on the server, the heartbeat message is not sent, which triggers an autonomous recovery through a system reset by the watchdog timer protected by the TEE.
We implemented a prototype of TEE-PA on the Arm TrustZone of a Raspberry Pi 3, with SPADE as the remote provenance auditing system and LKRG (Linux Kernel Runtime Guard) as the kernel integrity check. We demonstrate that TEE-PA can determine the ramifications of stealthy attacks (fileless malware and shell command attacks) with acceptable performance. The performance evaluation estimates that remote provenance auditing is 19 times faster than on-board provenance auditing.
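
The heartbeat-gated watchdog recovery described in the abstract, modeled as an added example (not code from the TEE-PA prototype). It assumes the heartbeat is an HMAC-SHA256 tag over a fresh TEE-issued nonce under a pre-shared key, and that the server judges correctness by log batch sequence continuity; the abstract specifies neither, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

class TeeWatchdog:
    """Models the TEE-protected watchdog: only a valid heartbeat re-arms it."""
    def __init__(self, key, timeout_ticks):
        self.key, self.timeout = key, timeout_ticks
        self._rearm()

    def _rearm(self):
        self.remaining = self.timeout
        self.nonce = secrets.token_bytes(16)  # fresh challenge: next tag is unpredictable

    def on_heartbeat(self, tag):
        expected = hmac.new(self.key, self.nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or replayed heartbeat: countdown continues
        self._rearm()
        return True

    def tick(self):
        """Advance one interval; True means the watchdog fired a system reset."""
        self.remaining -= 1
        if self.remaining > 0:
            return False
        self._rearm()  # device reboots and starts over
        return True

class AuditServer:
    """Models the remote auditor: heartbeats are issued only for intact log streams."""
    def __init__(self, key):
        self.key, self.next_seq = key, 0

    def heartbeat(self, seq, nonce):
        if seq != self.next_seq:  # missing, dropped or reordered batch
            return None
        self.next_seq += 1
        return hmac.new(self.key, nonce, hashlib.sha256).digest()

def simulate(log_seqs, timeout_ticks=3):
    """log_seqs[i] is the batch number the server receives in interval i (None = nothing).
    Returns the intervals in which the watchdog reset the device."""
    key = secrets.token_bytes(32)  # constructed pre-shared key (assumption)
    wd, srv = TeeWatchdog(key, timeout_ticks), AuditServer(key)
    resets = []
    for i, seq in enumerate(log_seqs):
        tag = srv.heartbeat(seq, wd.nonce)
        if tag is not None:
            wd.on_heartbeat(tag)
        if wd.tick():
            resets.append(i)
    return resets
```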