Séminaire sécurité des systèmes électroniques embarqués

Accueil     Présentation     Archives

Pierre Carru


Attack ARM TrustZone using Rowhammer - eshard

This presentation shows how the Rowhammer effect can be used to attack a TrustZone-based secure environment.

* We make a short introduction to TrustZone: it is a technology specified by ARM which allows our smartphones to run Android and a Secure OS concurrently. The Secure OS runs with higher privileges, and has reduced functionalities which makes it feasible to secure. The Secure OS provides specific services such as secure key storage, Secure Boot, etc to the "Normal" OS.

* We then present the principles of Rowhammer, a technique which allows to corrupt bits in DRAM by hammering nearby memory locations. We present the state of the art on this subject, for example the "drammer" paper, and our finding on different plateforms.

* Rowhammer on TrustZone: we then show that the Rowhammer effect can be used from the non-secure context to corrupt memory used by the Secure OS. As an example we demonstrate a practical attack against an RSA signature implemented in TrustZone. The faults to secure memory can be leveraged to recover private keys stored in secure memory. Thus bypassing TrustZone protections which normally prevent non-secure software from writing or reading to secure memory.
A short demo will be shown.