Close
 

Presentation

Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense
Session"ML under Attack, and ML for Attacks and Defenses"
DescriptionThe ARM Cortex-M microcontroller architecture is designed for embedded and Internet of Things (IoT) applications. To facilitate efficient execution, it has some unique hardware optimization. For example, Cortex-M TrustZone has a fast state switch mechanism that allows direct control-flow transfer from the secure state program to the non-secure state userspace program. In this paper, we demonstrate how this fast state switch mechanism can be exploited for arbitrary code execution with escalated privilege in non-secure state by introducing a new exploitation technique, namely return-to-non-secure (ret2ns). We experimentally confirmed the feasibility of four variants of ret2ns attacks on two Cortex-M hardware systems.
Authors
Zheyuan Ma
University at Buffalo
Xi Tan
University at Buffalo
Lukasz Ziarek
University at Buffalo
Ning Zhang
Washington University, St. Louis
Hongxin Hu
University at Buffalo
Ziming Zhao
University at Buffalo
Event Type
Research Manuscript
TimeThursday, July 13th4:55pm - 5:10pm PDT
Location3002, 3rd Floor
Topics
Security
Keywords
Hardware Security: Attack and Defense