Do Not Trust Power Management: Challenges and Hints for Securing Future Trusted Execution Environments
- URL: http://arxiv.org/abs/2405.15537v1
- Date: Fri, 24 May 2024 13:26:39 GMT
- Title: Do Not Trust Power Management: Challenges and Hints for Securing Future Trusted Execution Environments
- Authors: Owen Le Gonidec, Maria Méndez Real, Guillaume Bouffard, Jean-Christophe Prévotet,
- Abstract summary: Since 2017, Tang et al. introduced a new class of software-enabled hardware attacks.
These attacks aim at bypassing TEE security guarantees and exposing sensitive information like cryptographic keys.
This article presents the first comprehensive knowledge survey of these attacks, along with an evaluation of literature countermeasures.
- Score: 0.21665864340363084
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: Over the past few years, several research groups have introduced innovative hardware designs for Trusted Execution Environments (TEEs), aiming to secure applications against potentially compromised privileged software, including the kernel. Since 2017, Tang et al. introduced a new class of software-enabled hardware attacks, which leverages energy management mechanisms. These attacks aim at bypassing TEE security guarantees and exposing sensitive information like cryptographic keys. They have increased in prevalence over the past few years. Despite that, current RISC-V TEE architectures have yet to incorporate them into their threat models. Proprietary implementations, such as Arm TrustZone and Intel SGX, embed countermeasures. However, these countermeasures are not viable in the long term and hinder the capabilities of energy management mechanisms. This article presents the first comprehensive knowledge survey of these attacks, along with an evaluation of literature countermeasures. Our analysis highlights a substantial security gap between assumed threat models and the actual ones, presenting considerable threats in modern systems-on-chip that can undermine even the security guarantees provided by TEEs. We advocate for the enhancement of the next generation of RISC-V TEEs to address these attacks within their threat models, and we believe this study will spur further community efforts in this direction.
Related papers
- SoK: A Defense-Oriented Evaluation of Software Supply Chain Security [3.165193382160046]
We argue that the next stage of software supply chain security research and development will benefit greatly from a defense-oriented approach.
This paper introduces the AStRA model, a framework for representing fundamental software supply chain elements and their causal relationships.
arXiv Detail & Related papers (2024-05-23T18:53:48Z) - GAN-GRID: A Novel Generative Attack on Smart Grid Stability Prediction [53.2306792009435]
We propose GAN-GRID a novel adversarial attack targeting the stability prediction system of a smart grid tailored to real-world constraints.
Our findings reveal that an adversary armed solely with the stability model's output, devoid of data or model knowledge, can craft data classified as stable with an Attack Success Rate (ASR) of 0.99.
arXiv Detail & Related papers (2024-05-20T14:43:46Z) - The MESA Security Model 2.0: A Dynamic Framework for Mitigating Stealth Data Exfiltration [0.0]
Stealth Data Exfiltration is a significant cyber threat characterized by covert infiltration, extended undetectability, and unauthorized dissemination of confidential data.
Our findings reveal that conventional defense-in-depth strategies often fall short in combating these sophisticated threats.
As we navigate this complex landscape, it is crucial to anticipate potential threats and continually update our defenses.
arXiv Detail & Related papers (2024-05-17T16:14:45Z) - Generative AI in Cybersecurity [0.0]
Generative Artificial Intelligence (GAI) has been pivotal in reshaping the field of data analysis, pattern recognition, and decision-making processes.
As GAI rapidly progresses, it outstrips the current pace of cybersecurity protocols and regulatory frameworks.
The study highlights the critical need for organizations to proactively identify and develop more complex defensive strategies to counter the sophisticated employment of GAI in malware creation.
arXiv Detail & Related papers (2024-05-02T19:03:11Z) - A Zero Trust Framework for Realization and Defense Against Generative AI
Attacks in Power Grid [62.91192307098067]
This paper proposes a novel zero trust framework for a power grid supply chain (PGSC)
It facilitates early detection of potential GenAI-driven attack vectors, assessment of tail risk-based stability measures, and mitigation of such threats.
Experimental results show that the proposed zero trust framework achieves an accuracy of 95.7% on attack vector generation, a risk measure of 9.61% for a 95% stable PGSC, and a 99% confidence in defense against GenAI-driven attack.
arXiv Detail & Related papers (2024-03-11T02:47:21Z) - Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
We present the first security assessment of the 5G core from a web security perspective.
We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks.
Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
arXiv Detail & Related papers (2024-03-04T09:27:11Z) - Prioritizing Safeguarding Over Autonomy: Risks of LLM Agents for Science [65.77763092833348]
Intelligent agents powered by large language models (LLMs) have demonstrated substantial promise in autonomously conducting experiments and facilitating scientific discoveries across various disciplines.
While their capabilities are promising, these agents also introduce novel vulnerabilities that demand careful consideration for safety.
This paper conducts a thorough examination of vulnerabilities in LLM-based agents within scientific domains, shedding light on potential risks associated with their misuse and emphasizing the need for safety measures.
arXiv Detail & Related papers (2024-02-06T18:54:07Z) - Applying Large Language Models to Power Systems: Potential Security
Threats [14.819055765376174]
This article analyzes potential threats incurred by applying large language models (LLMs) to power systems.
It emphasizes the need for urgent research and development of countermeasures.
arXiv Detail & Related papers (2023-11-22T12:55:02Z) - Trust-based Approaches Towards Enhancing IoT Security: A Systematic Literature Review [3.0969632359049473]
This research paper presents a systematic literature review on the Trust-based cybersecurity security approaches for IoT.
We highlighted the common trust-based mitigation techniques in existence for dealing with these threats.
Several open issues were highlighted, and future research directions presented.
arXiv Detail & Related papers (2023-11-20T12:21:35Z) - On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors.
We present ROAR, a new class of attacks that instantiate a variety of such threats.
We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
arXiv Detail & Related papers (2023-05-03T18:47:42Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.