Data Covert Channels between the Secure World and the Normal World in the ARM TrustZone Architecture

Abstract

The ARM TrustZone architecture, which provides hardware-assisted isolation, is widely adopted in mobile and IoT devices. The security of ARM TrustZone relies on the idea of splitting system-on-chip hardware and software into two worlds, namely normal world and secure world. There are legitimate channels at the hardware level that the normal world and the secure world can use to communicate with each other. To protect these channels from being abused, research efforts were invested on restricting the access to these channels from normal world components. Therefore, only predefined and legitimate normal world components can use cross-world communication channels. In this work, we present a study on data covert channels that can bypass such protection mechanisms and smuggle sensitive information. We first analyze causes of the noise in the covert channel between two worlds. Then, we evaluate the accuracy and bandwidth of covert channels built by our Prime+Count method with one built by Prime+Probe method. Our results demonstrate that Prime+Count is an effective technique for enabling cross-world covert channels in the ARM TrustZone. © 2022 The Institute of Electronics, Information and Communication Engineers.