Hacking in Darkness: Return-oriented Programming against Secure Enclaves
TLDR
Practical exploitation techniques, called Dark-ROP, are demonstrated, which can completely disarm the security guarantees of SGX and strongly suggest that traditional security mitigation should be taken more seriously than the common directions that communities are actively taking for convenience.
PrivateZone: Providing a Private Execution Environment Using ARM TrustZone
TLDR
The design and implementation of PrivateZone are described, an Android application based on the PrivateZone framework is developed, and the performance overhead imposed on the OS in the REE and on SCLs in the PrEE is evaluated.
SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment
TLDR
The design and implementation of SeCReT are presented to show how it protects the key in the REE; a security analysis is performed using a kernel rootkit, and the LMBench microbenchmark is run to evaluate the performance overhead imposed by SeCReT.
KI-Mon ARM: A Hardware-Assisted Event-triggered Monitoring Platform for Mutable Kernel Object
TLDR
KI-Mon is a hardware-based platform that introduces event-triggered monitoring techniques for dynamic kernel objects, along with host-side kernel changes that alleviate issues involving the kernel's object allocation and cache policy control.
On-demand bootstrapping mechanism for isolated cryptographic operations on commodity accelerators
TLDR
An evaluation of the proposed OBMI demonstrates that even adversaries with kernel privileges cannot gain access to the secret key, and shows that the proposed mechanism incurs negligible performance degradation for both the CPU and the GPU.
Securing a communication channel for the trusted execution environment
TLDR
Such challenges are illustrated in terms of performance and security, and a design optimization of the initial version of SeCReT is proposed to mitigate them, with its effectiveness evaluated.
Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection
TLDR
The TEE defense (TFence) framework is proposed, which enables the creation of a partially privileged (par-priv) process that benefits from the coordination of the system mode and the virtualization extension and can directly communicate with trust anchors such as the hypervisor and TrustZone.
S-OpenSGX: A system-level platform for exploring SGX enclave-based computing
TLDR
The design of S-OpenSGX is shown, which leverages QEMU's system emulation to provide researchers with full system-level support for exploring SGX enclave-based programming, including system functionalities such as scheduling, multithreading, page table handling, and SGX paging.
Revisiting the Arm Debug Facility for OS Kernel Security
TLDR
This paper expands the use of watchpoints as a hardware security primitive for enhancing the runtime security of mobile devices by analyzing watchpoints in detail and deriving useful watchpoint properties that can be leveraged to build security applications.