TEE Offensive Core

2 Day Training: August 1,2

Abstract

Trusted Execution Environments (TEEs) are notoriously hard to secure, due to the interaction between complex hardware and a large trusted code bases (TCB)

Would you like to gain a system-level understanding of TEE security? Identify new vulnerability classes? Learn new exploitation techniques? Understand how the underlying hardware (HW) may become a powerful resource for software (SW) exploitation?

Then, this is THE training for you.

“TEE Offensive Core”, with its system-level approach, where hardware and software concur to software exploitation, provides a unique experience for a thorough understanding of TEEs and their SW security. The training is modeled around ARM TrustZone based TEEs, but the discussed concepts may be applicable to non-TrustZone TEEs as well.

The training is organized in a methodical flow, with an attacker-oriented perspective.

TEE SW vulnerabilities are discussed across the entire TEE attacks surface, along with non-conventional exploitation techniques. A solid understanding of TEE system security is built step by step, in light of multiple threat models.

The opportunities for an attacker in control of the Rich Execution Environment (REE), where usual Linux/Android environments get executed, are thoroughly discussed. Attacks directed to the overall TEE or to Trusted Applications (TAs), either starting from its REE counterpart, a Client Application (CA), or other REE components are covered.

A similar path is followed for an attacker already in control of a TA, aiming to compromise privileged TEE components (e.g. TEE OS) or another TA. Finally, you are briefly introduced to attacks that may take place during the initialization of the TEE or because of inconsistent configurations of HW and SW components.

You are guided through the topics by means of new content, analysis of public vulnerabilities and exploits, as well as tailored exercises. The training is supported by widely used codebases, such as OP-TEE and ARM Trusted Firmware (ATF), which have been purposely modified for supporting classroom exercises. Public attacks, up to the most recent ones, are ported to the training codebase allowing for close simulation of real vulnerabilities. Specially crafted exercises support discussion of attack vectors, impacts and applicable techniques. The training codebase runs in an emulated ARMv8 (AArch64) target, where exploitation is performed for some of the vulnerabilities.

The exploitability of all vulnerabilities is analyzed taking the overall system into account. Techniques for "HW augmented" exploitation, where the underlying HW is used for novel and creative SW exploits, are introduced and discussed in details.

Presentations, interactive sessions, open questions and exercises are all mixed into a high intensity training. An in-class, jeopardy-style CTF supports the training during all its phases, from understanding theoretical concepts, to identification of vulnerabilities and exploitation.

Key Learning Objectives

  • Add "new creative books" to your TEE offensive library
    • Vulnerabilities, attacks and exploits
  • Extend your accessible TEE attack surface
  • Understand how Hardware subsystems may be used in Software exploitation
  • Gain a system-level understanding of TEE security.

Who Should Attend

  • Security Analysts and Researchers, interested in new techniques, or
  • Software Security Developers/Architects interested in defenses against attacks combining Hardware and Software.

Course Agenda

Day 1:

  • Introduction to TEE Security
    • TEE Fundamentals
    • TEE Security model
  • ARM TrustZone-based TEEs
    • TEE Hardware & software components
    • Attacker models
  • TEE SW attack surface
    • REE-TEE Communications
    • CA-TA communications
    • Global Platform APIs
  • TEE runtime attacks and exploitation:
    • REE --> TEE
      • SMC attack surface
      • Combining SMC calls
      • Pointers and structures
      • Case study: Exploiting a NULL byte vulnerability

Day 2:

  • TEE runtime attacks and exploitation:
    • REE --> TEE continued
      • Range checks
      • Building SMC-based primitives
      • Alternative W^X bypasses
    • REE --> TA
      • Type confusion attacks
      • TOCTOU/Double fetch attacks
    • TA --> TEE
      • SVC attack surface
      • Cryptographic primitives attacks
    • TA --> TA
      • State confusion attacks
      • IP separation vulnerabilities
  • Hardware augmented exploitation

Pre-requisites

Attendees are expected to have:

  • Knowledge of C/C++ programming [Proficient]
  • Sound knowledge of modern OS security concepts [Intermediate]
  • Familiarity with typical software vulnerabilities and their exploitation [Intermediate]
  • Familiarity with reverse engineering and exploitation (preferably on ARM) [Intermediate]
  • Knowledge of ARM architecture (AArch64) and related assembly [Basic]

Although not mandatory, experience with the following may be helpful during the overall course

  • OS-level source code reviews
  • System-on-Chip Hardware security

System Requirements

  • Laptop capable of running VMware Fusion, Workstation or the free VMware Player
  • with one of the above VMWare products installed (latest version preferred)
  • with 40GB available disk space
  • with Wi-Fi connectivity

Students will be provided with

A VMWare image with all the tools and code needed for the exercises.

Cristofaro Mune

Cristofaro Mune

Early Bird Pricing - Register Now

Cristofaro has been in the security field for 15+ years. He has 10 years of experience with evaluating SW and HW security of secure products, as well as more than 5 years of experience in testing and assessing the security of TEEs. He works as a Product Security Consultant, providing support for design and development of secure products. He also performs device-level security testing with advanced SW and HW techniques. Finally, he provides security training on low-level topics, usually lying at the boundaries of SW and HW.

He has contributed to development of TEE security evaluation methodologies and has been member of TEE security industry groups.

His research on Fault Injection, TEEs, White-Box cryptography, IoT exploitation and Mobile Security has been presented at renowned international conferences and in academic papers.