Load-Step: A Precise TrustZone Execution Control Framework for Exploring New Side-channel Attacks Like Flush+Evict
Hosted in Virtual Platform
Embedded and Cross-Layer Security
DescriptionEnclave attackers usually utilize interrupts to enhance the side-channel attacks. The maximum resolution is achieved in the Intel SGX, however, the power of side-channel attacks and the precision attackers can achieve in the Arm TrustZone are still unexplored. In this paper, we propose a framework named Load-Step that interrupts the TrustZone victim with load-instruction precision. Based on the Load-Step, we present Flush+Evict, a new side-channel attack that defeats the Prime+Probe with much higher precision and 282% throughput. When attacking the RSA in the latest MbedTLS library, we can automatically recover the full key by a single trace in 7.5 seconds.