SobTrA: a software-based trust anchor for ARM cortex application processors

Authors:
Julian Horsch;Sascha Wessel;Frederic Stumpf;Claudia Eckert
Affiliations:
Fraunhofer AISEC, Garching near Munich, Germany;Fraunhofer AISEC, Garching near Munich, Germany;Fraunhofer AISEC, Garching near Munich, Germany;Fraunhofer AISEC, Garching near Munich, Germany
Venue:
Proceedings of the 4th ACM conference on Data and application security and privacy
Year:
2014

Citing 14
Cited 0

Denali: a goal-directed superoptimizer

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A secure and reliable bootstrap architecture

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Generic Attack on Checksumming-Based Software Tamper Resistance

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems

Proceedings of the twentieth ACM symposium on Operating systems principles
Strengthening Software Self-Checksumming via Self-Modifying Code

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
SCUBA: Secure Code Update By Attestation in sensor networks

WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Establishing the genuinity of remote computer systems

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Side effects are not sufficient to authenticate software

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
On the difficulty of software-based attestation of embedded devices

Proceedings of the 16th ACM conference on Computer and communications security
Detecting code alteration by creating a temporary memory bottleneck

IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
A software primitive for externally-verifiable untampered execution and its applications to securing computing systems

A software primitive for externally-verifiable untampered execution and its applications to securing computing systems
Conqueror: tamper-proof code execution on legacy systems

DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
A software-based root-of-trust primitive on multicore platforms

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Practical and Secure Software-Based Attestation

LIGHTSEC '11 Proceedings of the 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present SobTrA, a Software-based Trust Anchor for ARM Cortex-A processors to protect systems against software-based attacks. SobTrA enables the implementation of a software-based secure boot controlled by a third party independent from the manufacturer. Compared to hardware-based trust anchors, our concept provides some other advantages like being updateable and also usable on legacy hardware. The presented software-based trust anchor involves a trusted third party device, the verifier, locally connected to the untrusted device, e.g., via the microSD card slot of a smartphone. The verifier is verifying the integrity of the untrusted device by making sure that a piece of code is executed untampered on it using a timing-based approach. This code can then act as an anchor for a chain of trust similar to a hardware-based secure boot. Tests on our prototype showed that tampered and untampered execution of SobTrA can be clearly and reliably distinguished.