Security Analysis of Multi-Zone TEEs
A Trusted Execution Environment (TEE) is an isolated environment within a system designed to securely execute sensitive operations without interference from the rest of the system. TEEs play an important role in embedded systems where critical applications need to be protected from unauthorized confidentiality and integrity violations from other applications. Prior to deploying a TEE implementation in a product, it is essential to evaluate its security properties so that we can assess whether the product can meet its target security requirements.
This thesis focuses on the evaluation of MultiZone, which is a TEE implementation developed by Hex-Five Security. MultiZone utilizes existing limited hardware support available in the lower-end processors in the Cortex-M family to provide security and separation for embedded applications. Although there have been many studies that tested the extent of secure isolation provided by popular TEE implementations such as ARM TrustZone and Intel SGX, we know of no independent studies that evaluate the security properties of MultiZone, which is a relatively new technology. In this research, we evaluate the effectiveness of MultiZone by performing a comprehensive review of its features, cost, and performance. We also analyze its security with respect to the four essential properties of a reference monitor, namely Non-Bypassable, Evaluable, Always invoked, and Tamper-proof, commonly known as NEAT.
Our research identified three crucial vulnerabilities when MultiZone is used incorrectly and we have performed responsible disclosures of these potential weaknesses to the developers of MultiZone. In addition, we observed a few development caveats that we believe must be considered before using MultiZone in a product. Our work characterizes the performance trade-offs associated with maintaining isolation in MultiZone. Finally, we share our experience regarding a few limitations in the MultiZone documentation.
History
Date
2023-05-05Degree Type
- Master's Thesis
Department
- Information Networking Institute
Degree Name
- Master of Science (MS)