SATIN: A Secure and Trustworthy Asynchronous Introspection on Multi-Core ARM Processors

Title: SATIN: A Secure and Trustworthy Asynchronous Introspection on Multi-Core ARM Processors
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Wan, Shengye; Sun, Jianhua; Sun, Kun; Zhang, Ning; Li, Qi
Conference Name: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Keywords: ARM development board, Asynchronous Introspection, composability, cyber physical systems, Evasion Attack, Instruction sets, Kernel, Metrics, microprocessor chips, Mobile handsets, multicore ARM processors, multicore ARM system, multicore computing security, Multicore processing, multiprocessing systems, normal world snapshot, normal-world evasion attack, operating systems (computers), pubcrawl, Resiliency, SATIN, Scalability, secure introspection mechanism, secure world checking solutions, secure world introspection, security, security of data, security policy violations, security protection, Trusted Computing, Trusted Execution Environment, trustworthy asynchronous introspection mechanism, Trustworthy Systems, TrustZone security extension

On ARM processors with the TrustZone security extension, asynchronous introspection mechanisms have been developed in the secure world to detect security policy violations in the normal world. These mechanisms provide security protection via passively checking the normal world snapshot. However, since previous secure world checking solutions require suspending the entire rich OS, asynchronous introspection has not been widely adopted in the real world. Given a multi-core ARM system that can execute the two worlds simultaneously on different cores, secure world introspection can check the rich OS without suspension. However, we identify a new normal-world evasion attack that can defeat the asynchronous introspection by removing the attacking traces in parallel from one core while the security checking is being performed on another core. We perform a systematic study on this attack and present its efficiency against existing asynchronous introspection mechanisms. As a countermeasure, we propose a secure and trustworthy asynchronous introspection mechanism called SATIN, which can efficiently detect the evasion attacks by increasing the attackers' evasion time cost and decreasing the defender's execution time under a safe limit. We implement a prototype on an ARM development board and the experimental results show that SATIN can effectively prevent evasion attacks on multi-core systems with a minor system overhead.

Citation Key: wan_satin_2019