TY - GEN
T1 - TEE-Time
T2 - 25th International Symposium on Quality Electronic Design, ISQED 2024
AU - Forcioli, Quentin
AU - Chaudhuri, Sumanta
AU - Danger, Jean Luc
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - In this article, we present a tool to analyze cache timing vulnerabilities in trusted execution environments. First, we present a platform based on the well-known gem5 simulator capable of booting GlobalPlatform-compliant TEEs for the ARMv8 architecture. Next, we present the associated GDB instrumentation, which allows us to dynamically reconfigure the gem5 simulator and access detailed micro-architectural state after each simulation step. Unmodified Linux/TEE binaries can be run on this platform, from which detailed execution and cache access traces are gathered and analyzed on-the-fly. We demonstrate the usage of this tool, first with an in-vitro experiment to explain the concepts of Key-Cache lines, Key-Execution Points, a method to rank these lines in an increasing order of vulnerability, and code coverage. We show that real vulnerabilities can be detected with our tool, in an otherwise constant-time RSA implementation inside an open-source TEE called OP-TEE.
AB - In this article, we present a tool to analyze cache timing vulnerabilities in trusted execution environments. First, we present a platform based on the well-known gem5 simulator capable of booting GlobalPlatform-compliant TEEs for the ARMv8 architecture. Next, we present the associated GDB instrumentation, which allows us to dynamically reconfigure the gem5 simulator and access detailed micro-architectural state after each simulation step. Unmodified Linux/TEE binaries can be run on this platform, from which detailed execution and cache access traces are gathered and analyzed on-the-fly. We demonstrate the usage of this tool, first with an in-vitro experiment to explain the concepts of Key-Cache lines, Key-Execution Points, a method to rank these lines in an increasing order of vulnerability, and code coverage. We show that real vulnerabilities can be detected with our tool, in an otherwise constant-time RSA implementation inside an open-source TEE called OP-TEE.
U2 - 10.1109/ISQED60706.2024.10528744
DO - 10.1109/ISQED60706.2024.10528744
M3 - Conference contribution
AN - SCOPUS:85194087544
T3 - Proceedings - International Symposium on Quality Electronic Design, ISQED
BT - Proceedings of the 25th International Symposium on Quality Electronic Design, ISQED 2024
PB - IEEE Computer Society
Y2 - 3 April 2024 through 5 April 2024
ER -