C3Subtitles: 34c3: TrustZone is not enough

TrustZone is not enough

Hijacking debug components for embedded security

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
This talk deals with embedded systems security and ARM processors architecture. Most of us know that we can perform security with the ARM TrustZone framework. I will show that most ARM processors include debug components (aka CoreSight components) that can be used to create efficient security mechanisms.

Embedded security is still a hot topic. For several years, ARM have proposed its TrustZone framework. With some colleagues, we have studied how we could use debug components available in most ARM processors to create security mechanisms targeting a wide range of attacks (buffer overflows, ROPs…) with minimal performance overheads.
We use CoreSight debug components in with a technique called dynamic information flow tracking (aka DIFT) which allow us to monitor the execution of an application at runtime. Compared to existing works, we show that there’s no need to modify the main processor (existing binaries will be compatible!). Furthermore, we used a coprocessor implemented in reconfigurable logic (FPGA chip) to speedup the DIFT process.
This ARM/FPGA combo is up to 90% faster than related techniques in terms of instrumentation time. Furthermore, as the ARM CPU has not been modified (while existing works do modify it…), the final user doesn’t have to recompile all his/her programs to be compatible with our approach.
We will also show a few clues to indicate how we could target multi-threaded/multi-processor architectures as it is the case of most embedded systems by now.

Talk ID
Saal Adams
1 p.m.
Type of
Pascal Cotret

Talk & Speaker speed statistics

Very rough underestimation:
117.3 wpm
646.5 spm
119.8 wpm
658.9 spm
0.0% Checking done0.0%
100.0% Syncing done100.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%

English: Quality control done until

Last revision: 11 months, 1 week ago

Talk & Speaker speed statistics with word clouds

Whole talk:
117.3 wpm
646.5 spm
Pascal Cotret:
119.8 wpm
658.9 spm