Memory Corruption Attacks in the Context of Trusted Execution Environments - Invited Talk
- Davi, Lucas
- Name of Event:
- SILM seminar on the Security of Software/Hardware Interfaces
- INRIA, Rennes, France
ARM TrustZone and Intel Software Guard Extensions (SGX) offer hardware-assisted trusted execution environments (TEEs) to enable strong isolation of security-critical code and data. They also allow systems to perform remote attestation, where a device challenges another device to report its current state. In this talk, we elaborate on remote attestation schemes that do not only attest static properties, but also cover run-time control-flow behavior of applications based on ARM TrustZone. While TEEs enable secure attestation of control-flow behavior, memory corruption attacks (e.g., return-oriented programming) inside TEEs can undermine remote attestation schemes. This talk will elaborate on memory corruption attacks for the use-case of SGX and how we can develop analysis approaches to detect vulnerable TEE code.
Presentation Video: https://videos-rennes.inria.fr/video/BksfYbigI