Visible to the public DVFS as a Security Failure of TrustZone-enabled Heterogeneous SoC

TitleDVFS as a Security Failure of TrustZone-enabled Heterogeneous SoC
Publication TypeConference Paper
Year of Publication2018
AuthorsBenhani, E. M., Bossuet, L.
Conference Name2018 25th IEEE International Conference on Electronics, Circuits and Systems (ICECS)
KeywordsARM TrustZone, AXI bus, Clocks, composability, Computer architecture, DVFS, Dynamic Voltage and Frequency Scaling, electronic engineering computing, embedded system security, Embedded systems, energy consumption, Frequency modulation, frequency regulator, hardware trojan, Instruction sets, IP networks, Metrics, nonsecure ARM core, operating system, Operating systems, operating systems (computers), Operating Systems Security, power aware computing, pubcrawl, Receivers, Regulators, resilience, Resiliency, secure ARM core, security, security failure, system-on-chip, Trusted Computing, TrustZone-enabled heterogeneous SoC, TrustZone-enabled System-on-Chip, voltage regulator
AbstractToday, most embedded systems use Dynamic Voltage and Frequency Scaling (DVFS) to minimize energy consumption and maximize performance. The DVFS technique works by regulating the important parameters that govern the amount of energy consumed in a system, voltage and frequency. For the implementation of this technique, the operating system (OS) includes software applications that dynamically control a voltage regulator or a frequency regulator or both. In this paper, we demonstrate for the first time a malicious use of the frequency regulator against a TrustZone-enabled System-on-Chip (SoC). We demonstrate a use of frequency scaling to create covert channel in a TrustZone-enabled heterogeneous SoC. We present four proofs of concept to transfer sensitive data from a secure entity in the SoC to a non-secure one. The first proof of concept is from a secure ARM core to outside of SoC. The second is from a secure ARM core to a non-secure one. The third is from a non-trusted third party IP embedded in the programmable logic part of the SoC to a non-secure ARM core. And the last proof of concept is from a secure third party IP to a non-secure ARM core.
Citation Keybenhani_dvfs_2018