Horizontal Privilege Escalation in Trusted Applications · Darius Suciu Stephen McLaughlin Laurent...
Horizontal Privilege Escalation in Trusted Applications
Darius Suciu, Stephen McLaughlin, Laurent Simon, Radu Sion
National Security Institute
July 19, 2020
Hooper
Stony Brook Network Security and Applied Cryptography Laboratory
National Security Institute
Background: Bugs over time
[Figures: "Linux lines of code over time" and "Linux vulnerabilities over time"]
Source: Meng, Dan, et al. "Security-first architecture: deploying physically isolated active security processors for safeguarding the future of computing."
Source: https://commons.wikimedia.org/wiki/File:Lines_of_Code_Linux_Kernel.svg
Background: TrustZone
[Diagram: ARM Cortex Processor with a Monitor; Normal World: Applications (App) on a Rich Operating System; Secure World: Trusted Applications (TA) on a Secure OS]
Background: TrustZone Attacks
[Diagram: ARM Cortex Processor with a Monitor; Normal World: Applications (App) on a Rich Operating System; Secure World: Trusted Applications (TA) on a Secure OS; annotated "Privilege escalation"]
Background: Boomerang[1] attack
[Diagram: ARM Cortex Processor with a Monitor; Normal World: Applications (App) on a Rich Operating System; Secure World: Trusted Applications (TA) on a Secure OS; additional App and TA boxes; annotated "Privilege escalation"]
[1] Machiry, Aravind, et al. "BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments." NDSS. 2017.
Background: Privilege escalation
[Diagram: Applications (App), Rich Operating System, Secure Operating System and Monitor, annotated "Horizontal privilege escalation (HPE)" and "Vertical privilege escalation"]
HPE attack using TA
[Diagram: ARM Cortex Processor with a Monitor; Normal World: Applications (App) on a Rich Operating System; Secure World: Trusted Applications (TA) on a Secure OS; additional App and TA boxes; annotated "Privilege escalation"]
Storing data in Secure World
[Diagram: a Normal World App and a Secure World TA; flows labelled "A: Write(data)" and "B: Store(data)"; data locations labelled "Global" and "Storage"]
Global data attack examples
[Diagram, three panels, each showing a Victim App and a Malicious App in the Normal World and a TA with a Global in the Secure World:
Data leakage: 1: Write(data), 2: Read(data)
Data compromise: 1: Write(data), 2: Modify(data), 3: Read(data)
Decryption oracle: 1: Write(key), 2: Request decrypt(key, input), 3: Read decrypted input]
Stored data attack examples
[Diagram, three panels, each showing a Victim App and a Malicious App in the Normal World and TA1, TA2, Global and Storage in the Secure World:
Data leakage: 1: Save(data), 2: Write(data), 3: Read(data), 4: Load(data)
Data compromise: 1: Save(data), 2: Write(data), 3: Modify(data), 4: Write(data), 5: Read(data), 6: Load(data)
Decryption oracle: 1: Save(key), 2: Write(key), 3: Request decrypt (key, input), 4: Read(key), 5: Read decrypted input]
HPE manual analysis
95 TA binaries analyzed
3 major TrustZone environments investigated (Kinibi, QSEE, Teegris)
HPE enabling vulnerabilities discovered (3 types)
Findings: vulnerable TAs
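[Bar chart: Vulnerable vs. Investigated TAs per TA group (x-axis "TA group", y-axis "Number in each group") for Kinibi, QSEE and Teegris. Bar labels in group order:
Kinibi: investigated 2, 10, 3, 1, 2, 6, 2; vulnerable 100%, 42%, 100%, 0%, 0%, 0%, 0%
QSEE: investigated 7, 11, 3, 3, 4, 5, 5; vulnerable 28%, 27%, 100%, 0%, 0%, 0%, 0%
Teegris: investigated 2, 12, 3, 5, 3, 3, 3; vulnerable 50%, 25%, 100%, 0%, 0%, 0%, 0%]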
Findings: vulnerable TAs
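[Bar chart, Teegris only: Vulnerable vs. Investigated TAs per TA group (x-axis "TA group", y-axis "Number in each group"). TA groups: DRM, Key management, Attestation, Hardware drivers, Device integrity, Authentication, Utility. Bar labels in that order: investigated 2, 12, 3, 5, 3, 3, 3; vulnerable 50%, 25%, 100%, 0%, 0%, 0%, 0%]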
Manual analysis: two engineers, four weeks
HPE vulnerability impact
Data leakage
Example: Encryption key leaked to attacker
Data compromise
Example: Encryption key replaced with attacker data
Decryption oracle
Example: DRM content decrypted for malicious app
Encryption oracle
Example: Encrypted keys replaced with attacker data
Signing oracle
Example: TA signs forged attestation data
Findings: HPE attack vectors
[Bar chart: number of HPE attack vectors identified in each group (DRM, Key management, Attestation) for Kinibi, QSEE and Teegris; x-axis "HPE attack vectors", y-axis "Number identified in each group"]
Findings: HPE attack vectors
[Bar chart, Teegris only: number of HPE attack vectors identified in each group (DRM, Key management, Attestation); x-axis "HPE attack vectors" with categories Key leakage, Data compromise, Decryption oracle, Encryption oracle, Signing oracle, Total; y-axis "Number identified in each group"]
Hooper: Automatic HPE detection
[Pipeline diagram: Phase 1: Symbolic execution; Phase 2: State matching; Phase 3: Vulnerability checking. Other labels: TA binary, Path semantics, State inspection, Bugs found]
Hooper: Cross-invocation tracking
[Diagram: SimProcedures and TA execution paths (basic blocks from "Entry" to "Send output"). Cross-invocation data flows are built by "Match global variable" (X = input paired with output = X, giving "Paired paths using X") and by "Match storage locations" (Storage[Y] = input paired with output = Storage[Y], giving "Paired paths using Storage[Y]")]
Automatic analysis results
[Bar chart, Teegris: Identified vs. False negatives per HPE attack vector, for DRM, Key management and Attestation; x-axis "HPE attack vector", y-axis "Number of attack vectors identified"]
Automatic analysis results
[Bar chart, Teegris: Identified vs. False negatives per HPE attack vector; x-axis "HPE attack vector" with categories Data leakage, Data compromise, Decryption oracle, Encryption oracle, Signing oracle, Total; y-axis "Number of attack vectors identified"]
Vulnerabilities found in 24 hours vs 4 weeks of manual analysis
Mitigations
Resolve TA multi-tenant interference
Introduce session management inside all multi-tenant TAs
Standardized TA session management
Introduce a library for managing sessions inside TAs
Fine-grained access to Secure World storage
Partition Secure World storage and enforce fine-grained access control
Minimize access to TAs
Use fine-grained access policies to prevent unauthorized access to TAs
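The global data leakage case and the session-management mitigation from the slides, as an added C example (not code from the talk or from any TEE vendor). The command IDs, function names and the caller-ID parameter are hypothetical, and the secure OS is assumed to supply the caller identity.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16
#define MAX_SESSIONS 4
enum { CMD_WRITE_KEY = 1, CMD_READ_KEY = 2, TA_OK = 0, TA_DENIED = -1 };

/* Vulnerable pattern: one global shared by every Normal World caller. */
static uint8_t g_key[KEY_LEN];
int ta_invoke_global(int cmd, uint8_t *buf) {
    if (cmd == CMD_WRITE_KEY) { memcpy(g_key, buf, KEY_LEN); return TA_OK; }
    if (cmd == CMD_READ_KEY)  { memcpy(buf, g_key, KEY_LEN); return TA_OK; }
    return TA_DENIED;
}

/* Hardened pattern: per-session state, looked up by a caller identity that
 * the secure OS (never the caller itself) is assumed to supply. */
struct session { uint32_t owner; int has_key; uint8_t key[KEY_LEN]; };
static struct session g_sessions[MAX_SESSIONS];      /* owner 0 = free slot */

int ta_invoke_session(uint32_t caller, int cmd, uint8_t *buf) {
    struct session *s = NULL, *free_slot = NULL;
    if (caller == 0) return TA_DENIED;
    for (int i = 0; i < MAX_SESSIONS && !s; i++) {
        if (g_sessions[i].owner == caller) s = &g_sessions[i];
        else if (!free_slot && g_sessions[i].owner == 0) free_slot = &g_sessions[i];
    }
    if (!s && cmd == CMD_WRITE_KEY && free_slot) { s = free_slot; s->owner = caller; }
    if (!s) return TA_DENIED;                        /* unknown caller or table full */
    if (cmd == CMD_WRITE_KEY) { memcpy(s->key, buf, KEY_LEN); s->has_key = 1; return TA_OK; }
    if (cmd == CMD_READ_KEY && s->has_key) { memcpy(buf, s->key, KEY_LEN); return TA_OK; }
    return TA_DENIED;
}

/* Caller 1 writes a key, caller 2 reads; returns 1 if caller 2 got the key. */
int other_caller_can_read(int use_sessions) {
    uint8_t key[KEY_LEN], out[KEY_LEN] = {0};
    memset(key, 0xA5, KEY_LEN);                      /* constructed sample key */
    int rc = use_sessions
        ? (ta_invoke_session(1, CMD_WRITE_KEY, key), ta_invoke_session(2, CMD_READ_KEY, out))
        : (ta_invoke_global(CMD_WRITE_KEY, key), ta_invoke_global(CMD_READ_KEY, out));
    return rc == TA_OK && memcmp(out, key, KEY_LEN) == 0;
}

int main(void) {
    printf("global: %d, per-session: %d\n", other_caller_can_read(0), other_caller_can_read(1));
    return 0;
}
```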
Conclusion
Some TAs store data from multiple applications across invocations
Insufficient access control exposes TA-managed data to attackers
Three types of HPE-enabling vulnerabilities found in 23 TAs
Automatic binary analysis can help identify HPE vulnerabilities
Platform-wide fine-grained access control would help mitigate HPE
Thank you!
Contact information:
Darius Suciu [email protected]
Stephen McLaughlin [email protected]
Laurent Simon [email protected]
Radu Sion [email protected]
Questions?