
Research On Vulnerability Mining And Exploiting Of ARM Trustzone

Posted on: 2018-05-12
Degree: Master
Type: Thesis
Country: China
Candidate: J Ma
Full Text: PDF
GTID: 2428330515497946
Subject: Information security

Abstract/Summary:
ARM, as the mainstream architecture for embedded devices, is widely used in industrial control, wireless communications, network applications, consumer electronics and other fields because of its small size, low power consumption, low cost, high performance, simple instruction set and other characteristics. TrustZone, the security technology of the ARM architecture, plays an important role in it. In recent years, attackers have shifted their targets to TrustZone. TrustZone vulnerabilities are more dangerous and more exposed than traditional vulnerabilities: once an attack on the TrustZone architecture succeeds, the attacker gains control of the entire device, and every device that uses the same processor is affected. Security research on the TrustZone architecture is therefore urgent. Analysis of the causes of TrustZone vulnerabilities shows that they are mainly found in the security applications of the secure world. The first task in TrustZone vulnerability mining is therefore to extract the security applications from the device firmware and analyze their security.

In this paper, we selected OPTEE, the open-source implementation of TrustZone, and the TrustZone implementations of mainstream smartphones as research objects, and proposed a method for mining and exploiting TrustZone vulnerabilities. Using this method, two security defects were found in OPTEE and successfully exploited. Practice shows that the vulnerability mining method can greatly improve the efficiency of vulnerability discovery and is of great reference value for TrustZone vulnerability research.

The main work and contributions of this paper are as follows:

1. Research on the causes of TrustZone vulnerabilities. To exploit TrustZone vulnerabilities purposefully, one needs to understand their causes. This paper analyzes the causes of vulnerabilities in the TrustZone architecture from three aspects: the interaction interface, the architecture and the protection measures. On this basis, the specific objects of vulnerability mining are determined.

2. Research on methods for mining TrustZone vulnerabilities. For open-source TrustZone implementations such as OPTEE, a static analysis method based on feature strings is proposed, which greatly reduces the amount of code that must be analyzed statically and improves the speed of static analysis. For closed-source TrustZone implementations, such as those of HTC and Huawei, a TrustZone vulnerability mining method based on reverse engineering is proposed to solve the problem of the low coverage of traditional reverse analysis. For the problem that fuzz testing is not directly applicable to the TrustZone architecture, this paper proposes a feedback-driven fuzzing method for TrustZone. Finally.

3. Research on exploiting TrustZone vulnerabilities. Normal world kernel privileges must be obtained before a vulnerability in the TrustZone secure world can be exploited. For this problem, this paper proposes a TrustZone exploitation method based on Ret2usr and similar techniques.
Keywords/Search Tags:security technology, vulnerability mining, static analysis, reverse engineering