TrustDump: Reliable Memory Acquisition on Smartphones

  • He Sun
  • Kun Sun
  • Yuewu Wang
  • Jiwu Jing
  • Sushil Jajodia
Conference paper

DOI: 10.1007/978-3-319-11203-9_12

Volume 8712 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Sun H., Sun K., Wang Y., Jing J., Jajodia S. (2014) TrustDump: Reliable Memory Acquisition on Smartphones. In: Kutyłowski M., Vaidya J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8712. Springer, Cham

Abstract

With the wide usage of smartphones in our daily life, new malware is emerging to compromise the mobile OS and steal the sensitive data from the mobile applications. Anti-malware tools should be continuously updated via static and dynamic malware analysis to detect and prevent the newest malware. Dynamic malware analysis depends on a reliable memory acquisition of the OS and the applications running on the smartphones. In this paper, we develop a TrustZone-based memory acquisition mechanism called TrustDump that is capable of reliably obtaining the RAM memory and CPU registers of the mobile OS even if the OS has crashed or has been compromised. The mobile OS is running in the TrustZone’s normal domain, and the memory acquisition tool is running in the TrustZone’s secure domain, which has the access privilege to the memory in the normal domain. Instead of using a hypervisor to ensure an isolation between the OS and the memory acquisition tool, we rely on ARM TrustZone to achieve a hardware-assisted isolation with a small trusted computing base (TCB) of about 450 lines of code. We build a TrustDump prototype on Freescale i.MX53 QSB.

Keywords

TrustZone, Non-Maskable Interrupt, Memory Acquisition

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • He Sun (1, 2, 3, 4)
  • Kun Sun (4)
  • Yuewu Wang (1, 2)
  • Jiwu Jing (1, 2)
  • Sushil Jajodia (4)

  1. State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing, P.R. China
  2. Data Assurance and Communication Security Research Center, CAS, Beijing, P.R. China
  3. University of Chinese Academy of Sciences, Beijing, P.R. China
  4. George Mason University, Fairfax, USA