@inproceedings{0833ac8af2634ccfa8e98af396fd00b2,
title = "A gem5 based Platform for Micro-Architectural Security Analysis",
abstract = "In this article we present a simulation platform based on gem5 for security analysis. On top of gem5's architectural exploration and performance estimation capability, our platform permits attacks on ARM Trustzone, security evaluation of cypto libraries, and attacks from accelerators or 3rd party IPs present in the SoC. We discuss various components of our platform such as GDB, gem5, SystemC TLM 2.0 and the steps to boot an open source trusted execution environment called OPTEE. We present an in-vitro experimental attack in Syscall mode on the mbedTLS library and we show how this attack can be fine-tuned. We also present two in-vivo attacks on OPTEE on the RSA signing Trustlet and the Secure Storage Trustlet to demonstrate the capabilities and usage of our platform.",
keywords = "Cache Timing Attacks, Co-Simulation, Micro-Architectural Attacks., Penetration Testing, Security, SoC, TEE, Trusted Execution, Trusted OS, Virtual Platform, gem5",
author = "Quentin Forcioli and Danger, \{Jean Luc\} and Sumanta Chaudhuri",
note = "Publisher Copyright: {\textcopyright} 2023 ACM.; 12th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2023, held in conjunction with the 56th International Symposium on Microarchitecture, MICRO 2023 ; Conference date: 29-10-2023",
year = "2023",
month = oct,
day = "29",
doi = "10.1145/3623652.3623674",
language = "English",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery",
pages = "91--99",
booktitle = "Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2023",
}