A survey on the (in)security of Trusted Execution Environments

TitleA survey on the (in)security of Trusted Execution Environments
Publication TypeJournal Article
Year of Publication2023
AuthorsA. Muñoz, R. Rios, R. Roman, and J. Lopez
JournalComputers & Security
Pagination103-180
PublisherElsevier
Place PublishedIn Press
ISSN Number0167-4048
KeywordsComputer security, Hardware attacks, Secure hardware, Side-channel attacks, Software attacks, Trusted Execution Environments
Abstract

As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.

URLhttps://www.sciencedirect.com/science/article/pii/S0167404823000901
DOI10.1016/j.cose.2023.103180
Citation KeyMUNOZ2023103180
Paper File: 
https://nics.uma.es:8082/sites/default/files/papers/MUNOZ2023103180.pdf

Supported by SAVE SecureEDGE