P19_21: Is ARM TrustZone Trustable?
Topic Areas: Security Attacks, Side-channel Attacks
Principal investigator: Dr. Yunsi Fei, Northeastern University
The recently reported Spectre exploit has revealed fundamental vulnerabilities in modern x86 processors that stem from speculative execution, an architectural feature indispensable for performance. However, the vulnerabilities of speculative execution on ARM processors have so far only been extrapolated rather than comprehensively explored, even though ARM processors with TrustZone are prevalent in mobile systems, Internet-of-Things edge devices, and industrial control systems that handle significant amounts of personal or sensitive data. This work proposes to evaluate the security vulnerabilities of TrustZone on ARM processors that arise from the speculative microarchitecture. We first reverse-engineer the branch prediction unit of the ARM Cortex-A9. We then evaluate whether sensitive information within the secure world of TrustZone can be leaked to the normal world via the shared branch predictor. We envision that the proposed investigations will reveal vulnerabilities in this commonly used Trusted Execution Environment (TEE) and motivate security protections targeting pervasive ARM platforms.