Understanding the Prevailing Security Vulnerabilities in TrustZone-Assisted TEE Systems

Explore a comprehensive security analysis of TrustZone-assisted Trusted Execution Environment (TEE) systems in this IEEE conference talk. Delve into the prevailing security vulnerabilities affecting TEE systems developed by major companies like Qualcomm, Trustonic, Huawei, Nvidia, and Linaro. Examine the types of vulnerabilities, challenges in building secure TEE systems, and potential solutions from the research community. Gain insights into the architecture issues, implementation flaws, and hardware vulnerabilities that compromise TEE security. Learn about the severity of TEE vulnerabilities, their impact across software layers, and the various attack vectors used by malicious actors. Discover architectural, implementation, and hardware defenses proposed to enhance TEE security. Understand the implications of these vulnerabilities for the hundreds of millions of mobile devices relying on TrustZone for protecting security-critical applications and operating system components.

Intro
Lots of Scattered TEE Vulnerability Reports
Contributions
Source of Vulnerability Information
TEE Vulnerabilities Are Severe
All Software Layers Have Been Affected
TEE Architecture
Architecture Issues
1.1. Wide Interfaces In TEE Components
1.2. Excessively Large TEE TCBS
1.3. Map Normal-World Physical Memory
1.4. Lackluster Memory Protection
1.5. III-Supported TA revocation
Three Classes of Vulnerabilities
Implementation Issues
Validation Bugs
2.1. Bugs Within the Secure Monitor
Functional Bugs
2.2. Bugs in Memory Protection
Extrinsic Bugs
2.5. Concurrency
TEE Hardware
Hardware Issues
3.2. Energy Management Mechanisms
3.3. Leaking Information through Caches
How Attackers Attack TEES
TEE Defenses
Architectural Defenses
Implementation Defenses
Hardware Defenses
In Conclusion