SyncEmu: Enabling Dynamic Analysis of Stateful Trusted Applications

Lindenmeier C, Schulze SM, Röckl J, Busch M (2024)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2024

Publisher: Institute of Electrical and Electronics Engineers, Inc.

Page Range: 177-185

Conference Proceedings Title: 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Event location: Vienna AT

ISBN: 979-8-3503-6729-4

DOI: 10.1109/EuroSPW61312.2024.00024

Abstract

Modern mobile devices leverage ARM TrustZone to implement a Trusted Execution Environment (TEE). The security-critical services, called Trusted Applications (TAs), deployed in these TEEs form the backbone of those devices' security architectures. Unfortunately, TAs are not free from bugs and constitute the biggest attack surface of the TEE. A vulnerability in a TA can have devastating consequences, fundamentally compromising the whole system's security. Given the locked-down nature of COTS smartphones, the analysis of closed-source TAs remains challenging for independent security researchers. In this paper, we present SyncEmu to enable dynamic analysis of proprietary TAs found on COTS Android devices. To this end, we develop a framework to execute unmodified TEE firmware in an emulated environment (so-called rehosting). Using SyncEmu, we successfully rehost TrustedCore, a closed-source TEE implementation found on older Huawei devices. Furthermore, we propose and implement a novel technique called CA-in-the-loop, that allows SyncEmu to forward realistic requests of Client Applications (CAs) running on a physical smartphone to the rehosted TAs, pushing the boundaries of state-of-the-art in TEE rehosting.

How to cite

APA:

Lindenmeier, C., Schulze, S.M., Röckl, J., & Busch, M. (2024). SyncEmu: Enabling Dynamic Analysis of Stateful Trusted Applications. In 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 177-185). Vienna, AT: Institute of Electrical and Electronics Engineers, Inc.

MLA:

Lindenmeier, Christian, et al. "SyncEmu: Enabling Dynamic Analysis of Stateful Trusted Applications." Proceedings of the 9th IEEE European Symposium on Security and Privacy Workshops - EUROS&PW 2024, Vienna: Institute of Electrical and Electronics Engineers, Inc., 2024. 177-185.
