{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T14:25:27Z","timestamp":1730298327206,"version":"3.28.0"},"reference-count":93,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1109\/spw54247.2022.9833891","type":"proceedings-article","created":{"date-parts":[[2022,7,25]],"date-time":"2022-07-25T16:14:47Z","timestamp":1658765687000},"page":"265-276","source":"Crossref","is-referenced-by-count":3,"title":["Abusing Trust: Mobile Kernel Subversion via TrustZone Rootkits"],"prefix":"10.1109","author":[{"given":"Daniel","family":"Marth","sequence":"first","affiliation":[{"name":"RISE–Research Industrial Systems Engineering GmbH"}]},{"given":"Clemens","family":"Hlauschek","sequence":"additional","affiliation":[{"name":"RISE–Research Industrial Systems Engineering GmbH"}]},{"given":"Christian","family":"Schanes","sequence":"additional","affiliation":[{"name":"RISE–Research Industrial Systems Engineering GmbH"}]},{"given":"Thomas","family":"Grechenig","sequence":"additional","affiliation":[{"name":"TU Wien,Research Group for Industrial Software"}]}],"member":"263","reference":[{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3065913.3065915"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2018.8342267"},{"year":"2020","key":"ref71","article-title":"Lkrg - linux kernel runtime guard"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23421"},{"year":"0","key":"ref76","article-title":"Bits, please!"},{"year":"2016","key":"ref77","article-title":"Bits, please!: Exploring qualcomm’s secure execution environment"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2019.2910104"},{"year":"0","key":"ref39","article-title":"Linaro - leading collaboration in the arm ecosystem"},{"article-title":"SGAxe: How SGX Fails in Practice","year":"2020","author":"van schaik","key":"ref75"},{"year":"0","key":"ref38","article-title":"About op-tee - op-tee documentation"},{"year":"2016","key":"ref78","article-title":"Bits, please!: War of the worlds - hijacking the linux kernel from qsee"},{"journal-title":"Reflections on Trusting Trust","year":"2014","author":"rosenberg","key":"ref79"},{"article-title":"Lexfo’s security blog - cve-2017-11176: A step-by-step linux kernel exploitation (part 4\/4)","year":"2018","author":"fabretti","key":"ref33"},{"journal-title":"Modern Operating Systems","year":"2015","author":"tanenbaum","key":"ref32"},{"year":"2020","key":"ref31","article-title":"What is rcu?–“read, copy, update” - the linux kernel documentation"},{"article-title":"What is rcu, fundamentally?","year":"2007","author":"mckenney","key":"ref30"},{"year":"0","key":"ref37","article-title":"Open portable trusted execution environment - op-tee"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3291047"},{"journal-title":"ARM Security Technology Building A Secure System Using TrustZone Technology","year":"2009","key":"ref35"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-84800-070-4"},{"year":"2015","key":"ref60","article-title":"arm64: introduce va_start macro - the first kernel virtual address"},{"year":"2019","key":"ref62","article-title":"arm64: mm: Flip kernel va space"},{"year":"2020","key":"ref61","article-title":"init task.c - init - kernel\/git\/torvalds\/linux.git - linux kernel source tree"},{"year":"2021","key":"ref63","article-title":"access(2) - linux manual page"},{"year":"2020","key":"ref28","article-title":"Kconfig - arm64 - arch - kernel\/git\/torvalds\/linux.git - linux kernel source tree"},{"year":"2009","key":"ref64","article-title":"CRED: Differentiate objective and effective subjective credentials on a task"},{"journal-title":"Computer Organization and Design ARM Edition The Hardware Software Interface","year":"2016","author":"patterson","key":"ref27"},{"year":"2009","key":"ref65","article-title":"CRED: Inaugurate COW credentials"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_1"},{"journal-title":"Operating Systems Internals and Design Principles","year":"2017","author":"stallings","key":"ref29"},{"key":"ref67","article-title":"Kernel korner - sleeping in the kernel","author":"sovani","year":"2005","journal-title":"Linux Journal"},{"year":"0","key":"ref68","article-title":"Frequently asked questions - op-tee documentation"},{"year":"0","key":"ref69","article-title":"linaro-swg\/linux: Linux kernel source tree"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2017.09.034"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.4324\/9781315167718"},{"article-title":"How many million bioses would you like to infect","year":"2015","author":"kallenberg","key":"ref20"},{"year":"2017","key":"ref22","article-title":"Nvd - cve-2017-5689"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1002\/sec.166"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ICAC.2016.46"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-6385-5_32"},{"journal-title":"ARM Architecture Reference Manual ARMv 8 for ARMv8-A Architecture Profile","year":"2020","key":"ref26"},{"journal-title":"How Linux works What every Superuser should know","year":"2014","author":"ward","key":"ref25"},{"article-title":"Kernel address space layout randomization","year":"2013","author":"edge","key":"ref50"},{"year":"2020","key":"ref51","article-title":"arm64-stub.c - libstub - efi - firmware - drivers -kernel\/git\/torvalds\/linux.git - linux kernel source tree"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24324"},{"key":"ref92","article-title":"Lkim: The linux kernel integrity measurer","author":"pendergrass","year":"2013","journal-title":"Johns Hopkins APL Technical Digest"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.05.005"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1186\/s13635-016-0038-z"},{"year":"2016","key":"ref59","article-title":"sched\/core: Allow putting thread_info into task_struct"},{"year":"2017","key":"ref58","article-title":"task_struct: Allow randomized layout"},{"article-title":"Randomizing structure layout","year":"2017","author":"hussein","key":"ref57"},{"journal-title":"GlobalPlatform Device Technology TEE Sockets API Specification","year":"2021","key":"ref56"},{"year":"2020","key":"ref55","article-title":"booting.rst - arm64 - documentation - kernel\/git\/-torvalds\/linux.git - linux kernel source tree"},{"year":"2018","key":"ref54","article-title":"arm64\/mm: move runtime pgds to rodata"},{"year":"2020","key":"ref53","article-title":"head.s - kernel - arm64 - arch - ker-nel\/git\/torvalds\/linux.git - linux kernel source tree"},{"year":"0","key":"ref52","article-title":"arm-trusted-firmware\/platform_def.h at v2.3 - arm-software\/arm-trusted-firmware"},{"journal-title":"GlobalPlatform Device Committee TEE Protection Profile","year":"2020","key":"ref10"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3465413.3488571"},{"year":"0","key":"ref40"},{"year":"2017","key":"ref12","article-title":"Project zero: Trust issues: Exploiting trustzone tees"},{"year":"2016","key":"ref13","article-title":"Bits, please!: Qsee privilege escalation vulnerability and exploit (cve-2015-6639)"},{"year":"2016","key":"ref14","article-title":"Bits, please!: Trustzone kernel privilege escalation (cve-2016-2431)"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00061"},{"article-title":"Unbox your phone — part i","year":"2018","author":"komaromy","key":"ref82"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407072"},{"journal-title":"Attacking your ”trusted core\" Exploiting trustzone on an-droid","year":"2015","author":"shen","key":"ref81"},{"journal-title":"ARM Cortex-A series programmer's guide for ARMv8-A","year":"2015","key":"ref17"},{"article-title":"Man-in-the-middle attacks on lenovo computers","year":"0","author":"schneier","key":"ref84"},{"article-title":"Next generation mobile rootkits","year":"2013","author":"roth","key":"ref18"},{"year":"0","key":"ref83","article-title":"Revisiting the sony rootkit"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23227"},{"article-title":"Tee exploitation: Exploiting trusted apps on samsung’s tee","year":"2019","author":"sanfelix","key":"ref80"},{"key":"ref89","article-title":"Autoprofile: Towards automated profile generation for memory analysis","volume":"25","author":"pagani","year":"2021","journal-title":"ACM Trans Priv Secur"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TELFOR.2017.8249402"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/ICCE.2017.7889265"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2948618.2948621"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.03.007"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/1460877.1460892"},{"key":"ref8","article-title":"BootStomp: On the Security of Bootloaders in Mobile Devices","author":"redini","year":"2017","journal-title":"USENIX Security 2017"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2014.44"},{"article-title":"Intel x86 considered harmful","year":"2015","author":"rutkowska","key":"ref7"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660350"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2819119"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22038-9_9"},{"key":"ref9","article-title":"‘hardening’ android: Building security into the core of mobile devices","volume":"2","author":"dickson","year":"2014","journal-title":"Secure Networking in Frost & Sullivan"},{"key":"ref46","article-title":"mcarve: Carving attributed dump sets","author":"van deursen","year":"2011","journal-title":"Abstract book of 20th USENIX Security Symposium"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2007.10.001"},{"key":"ref48","article-title":"Rfc 1421: Privacy enhancement for internet electronic mail: Part i: Message encryption and authentication procedures","author":"linn","year":"1993","journal-title":"Tech Rep"},{"key":"ref47","article-title":"Cryptographic communications system and method","author":"rivest","year":"1983","journal-title":"Patent"},{"year":"0","key":"ref42","article-title":"Platforms supported - op-tee documentation"},{"key":"ref41","article-title":"Qemu, a fast and portable dynamic translator","volume":"41","author":"bellard","year":"2005","journal-title":"USENIX Annual Technical Conference Freenix track"},{"year":"0","key":"ref44","article-title":"Core - op-tee documentation"},{"year":"0","key":"ref43","article-title":"Trusted applications - op-tee documentation"}],"event":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","start":{"date-parts":[[2022,5,22]]},"location":"San Francisco, CA, USA","end":{"date-parts":[[2022,5,26]]}},"container-title":["2022 IEEE Security and Privacy Workshops (SPW)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9833855\/9833856\/09833891.pdf?arnumber=9833891","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,15]],"date-time":"2022-08-15T16:02:44Z","timestamp":1660579364000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9833891\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":93,"URL":"https:\/\/doi.org\/10.1109\/spw54247.2022.9833891","relation":{},"subject":[],"published":{"date-parts":[[2022,5]]}}}