2018 Conference Objects
CLKscrew: Exposing the Perils of Security-Oblivious Energy Management, Usenix 2018 (Distinguished Paper Award)
The need for power- and energy-efficient computing has resulted in aggressive cooperative hardware-software energy management mechanisms on modern commodity devices. Most systems today, for example, allow software to control the frequency and voltage of the underlying hardware at a very fine granularity to extend battery life. Despite their benefits, these software-exposed energy management mechanisms pose grave security implications that have not been studied before.
In this work, we present the CLKSCREW attack, a new class of fault attacks that exploit the security-obliviousness of energy management mechanisms to break security. A novel benefit for the attackers is that these fault attacks become more accessible since they can now be conducted without the need for physical access to the devices or fault injection equipment. We demonstrate CLKSCREW on commodity ARM/Android devices. We show that a malicious kernel driver (1) can extract secret cryptographic keys from Trustzone, and (2) can escalate its privileges by loading self-signed code into Trustzone. As the first work to show the security ramifications of energy management mechanisms, we urge the community to re-examine these security-oblivious designs.
Also Published In
- Title: Proceedings of the 26th USENIX Security Symposium
- Publisher: USENIX Association
More About This Work
- Academic Units: Computer Science
- Publisher: USENIX Association
- Published Here: April 3, 2019