Fleischer F, Busch M, Kuhrt P (2020)
Publication Type: Conference contribution
Publication year: 2020
Publisher: Association for Computing Machinery
Conference Proceedings Title: ACM International Conference Proceeding Series
Event location: Online
ISBN: 9781450388337
Many security-critical services on mobile devices rely on Trusted Execution Environments (TEEs). However, due to the proprietary and locked-down nature of TEEs, the available information about these systems is scarce. In recent years, we have witnessed several exploits targeting all major commercially used TEEs, which raises questions about the capabilities of TEEs to provide the expected integrity and confidentiality guarantees. In this paper, we evaluate the exploitability of TEEs by analyzing common flaws from the perspective of an adversary. We provide multiple vulnerable TEE applications for OP-TEE, a reference implementation for TEEs, and elaborate on the steps necessary for their exploitation on an Android system. Our vulnerable examples are inspired by real-world exploits seen in-the-wild on commercially used TEEs. With this work, we provide developers and researchers with introductory knowledge to realistically assess the capabilities of TEEs. For these purposes, we also make our examples publicly available.
APA:
Fleischer, F., Busch, M., & Kuhrt, P. (2020). Memory corruption attacks within Android TEEs: A case study based on OP-TEE. In ACM International Conference Proceeding Series. Online: Association for Computing Machinery.
MLA:
Fleischer, Fabian, Marcel Busch, and Phillip Kuhrt. "Memory corruption attacks within Android TEEs: A case study based on OP-TEE." Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020, Online Association for Computing Machinery, 2020.
BibTeX: Download