CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management

Authors:

Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo, Columbia University

Distinguished Paper Award Winner!

BibTeX

@inproceedings {203864,
  author = {Adrian Tang and Simha Sethumadhavan and Salvatore Stolfo},
  title = {{CLKSCREW}: Exposing the Perils of Security-Oblivious Energy Management},
  booktitle = {26th {USENIX} Security Symposium ({USENIX} Security 17)},
  year = {2017},
  isbn = {978-1-931971-40-9},
  address = {Vancouver, BC},
  pages = {1057--1074},
  url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang},
  publisher = {{USENIX} Association},
}

Abstract:

The need for power- and energy-efficient computing has resulted in aggressive cooperative hardware-software energy management mechanisms on modern commodity devices. Most systems today, for example, allow software to control the frequency and voltage of the underlying hardware at a very fine granularity to extend battery life. Despite their benefits, these software-exposed energy management mechanisms pose grave security implications that have not been studied before.

In this work, we present the CLKSCREW attack, a new class of fault attacks that exploit the security-obliviousness of energy management mechanisms to break security. A novel benefit for the attackers is that these fault attacks become more accessible since they can now be conducted without the need for physical access to the devices or fault injection equipment. We demonstrate CLKSCREW on commodity ARM/Android devices. We show that a malicious kernel driver (1) can extract secret cryptographic keys from Trustzone, and (2) can escalate its privileges by loading self-signed code into Trustzone. As the first work to show the security ramifications of energy management mechanisms, we urge the community to re-examine these security-oblivious designs.

Award:

Distinguished Paper Award
