TrustDump: Reliable Memory Acquisition on Smartphones

Authors: He Sun, Kun Sun, Yuewu Wang, Jiwu Jing, Sushil Jajodia

DOI: 10.1007/978-3-319-11203-9_12

Keywords: Trusted computing base; Processor register; Computer science; Privilege (computing); Malware analysis; Source lines of code; Isolation (database systems); Operating system; Hypervisor; Malware

Abstract: With the wide usage of smartphones in our daily life, new malware is emerging to compromise the mobile OS and steal sensitive data from applications. Anti-malware tools should be continuously updated via static and dynamic analysis to detect and prevent the newest malware. Dynamic analysis depends on a reliable memory acquisition of the OS and the applications running on smartphones. In this paper, we develop a TrustZone-based mechanism called TrustDump that is capable of reliably obtaining the RAM and CPU registers even if the OS has crashed or been compromised. The mobile OS runs in TrustZone's normal domain, and the acquisition tool runs in the secure domain, which has access privilege to the normal domain. Instead of using a hypervisor to ensure isolation between the OS and the tool, we rely on ARM TrustZone to achieve hardware-assisted isolation with a small trusted computing base (TCB) of about 450 lines of code. We build a prototype on the Freescale i.MX53 QSB.
