Smartphone security has become a topic of paramount importance in both academic and commercial communities. Currently, the most widely used processors in mobile devices are the ARM processors. ARM processors employ TrustZone, a hardware security extension, to protect sensitive code and data in a privilege and isolated execution environment. Although TrustZone design is effective against many malicious software-based attacks, smartphones may be lost or stolen. Once in the possession of unfriendly hands, sensitive information in a smartphone may be retrieved through physical memory disclosure attacks such as cold boot attack, in which an attacker can bypass all software protection and gain unrestricted access to the contents in the dynamic random access memory.
Ning Zhang, a CS Ph.D. candidate, under the supervision of Prof. Wenjing Lou, presented his work on how to protect smartphones against physical-level memory disclosure attacks in a paper at the 37th IEEE Symposium on Security and Privacy, the top security conference in the field. In the paper, Zhang, Lou and their co-authors presented a novel system that combines hardware-assisted security protection of TrustZone and unique cache features in ARM. The system offers an isolated execution environment that can protect sensitive tasks against both malicious software and hardware memory disclosure attack. The system uses the on-chip cache as the program execution environment and applies cryptography to protect the sensitive program context that is stored in the physical memory. Through experimentation on a prototype, the new system was found to be effective and is capable of providing unprecedented protection with little performance impact.
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The 2016 Symposium marks the 37th annual meeting of this flagship conference. Among over 400 submissions, only 55 papers were accepted for presentation at this year’s symposium.