Abstract
With the advent of the mobile industry, we face new security challenges. The ARM architecture is deployed in most mobile phones, homeland security, IoT, autonomous cars and other industries, and it provides a hypervisor API (via the virtualization extensions). Researching the applicability of this virtualization technology to security on this platform is an interesting endeavor. The hypervisor API is an optional addition on some ARMv7-A processors and is available on every ARMv8-A processor. Some ARM platforms also offer TrustZone, which is a separate exception level designed for trusted computing. However, TrustZone may not be available to engineers, as some vendors lock it. We present a method of applying thin hypervisor technology as a generic security solution for the most common operating system on the ARM architecture. Furthermore, we discuss implementation alternatives and differences, especially in comparison with the Intel architecture and with approaches that combine a hypervisor with TrustZone. We provide performance benchmarks for using a hypervisor for reverse-engineering protection.
Ethics declarations
Conflict of interest
Raz Ben Yehuda and Nezer Jacob Zaidenberg both declare that they own stock in TrulyProtect.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Ben Yehuda, R., Zaidenberg, N.J. Protection against reverse engineering in ARM. Int. J. Inf. Secur. 19, 39–51 (2020). https://doi.org/10.1007/s10207-019-00450-1
DOI: https://doi.org/10.1007/s10207-019-00450-1