Protection against reverse engineering in ARM

  • Special Issue Paper
  • International Journal of Information Security

Abstract

With the advent of the mobile industry, we face new security challenges. The ARM architecture is deployed in most mobile phones and in homeland security, IoT, autonomous cars and other industries, and it provides a hypervisor API (via virtualization extension technology). Researching the applicability of this virtualization technology to security on this platform is an interesting endeavor. The hypervisor API is an addition available on some ARMv7-A processors and on any ARMv8-A processor. Some ARM platforms also offer TrustZone, which is a separate exception level designed for trusted computing. However, TrustZone may not be available to engineers, as some vendors lock it. We present a method of applying thin hypervisor technology as a generic security solution for the most common operating system on the ARM architecture. Furthermore, we discuss implementation alternatives and differences, especially in comparison with the Intel architecture and hypervisor-with-TrustZone approaches. We provide performance benchmarks for using hypervisors for reverse engineering protection.

Author information

Corresponding author

Correspondence to Nezer Jacob Zaidenberg.

Ethics declarations

Conflict of interest

Raz Ben Yehuda and Nezer Jacob Zaidenberg both declare that they own stock in TrulyProtect.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

About this article

Cite this article

Ben Yehuda, R., Zaidenberg, N.J. Protection against reverse engineering in ARM. Int. J. Inf. Secur. 19, 39–51 (2020). https://doi.org/10.1007/s10207-019-00450-1

  • DOI: https://doi.org/10.1007/s10207-019-00450-1
