- Webinar |
- Netherlands 2024 |
- USA 2024 |
- Netherlands 2023 |
- USA 2023 |
- Netherlands 2022 |
- USA 2022 |
- Netherlands 2021 |
- USA 2021 |
- Germany 2021 |
- Berlin 2021 |
- Netherlands 2020 |
- Virtual Con 2020 |
- Berlin 2020 |
- Netherlands 2019 |
- USA 2019 |
- Berlin 2019 |
- Netherlands 2018 |
- Berlin 2018 |
- Netherlands 2017 |
- Netherlands 2016 |
- Netherlands 2015
DESCRIPTION
Trusted Execution Environments (TEEs) are notoriously hard to secure, due to the interaction between complex hardware and a large trusted code bases (TCB).
Would you like to gain a system-level understanding of TEE security? Identify new vulnerability classes? Learn new exploitation techniques? Understand how the underlying hardware (HW) may become a powerful resource for SW exploitation?
Then, this is THE training for you.
“TEE Offensive Core”, with its system-level approach, where HW and SW concur to SW exploitation, provides a unique experience for a thorough understanding of TEEs and their SW security. The training is modeled around ARM TrustZone based TEEs, but the discussed concepts are often applicable to non-TrustZone TEEs as well.
The training is organized in a methodical flow, with an attacker-oriented perspective.
TEE SW vulnerabilities are discussed across the entire TEE attacks surface, along with non- conventional exploitation techniques. A solid understanding of TEE system security is built step by step, in light of multiple threat models.
You are guided through the topics by means of new content, analysis of public vulnerabilities and exploits, as well as tailored exercises. The training is supported by widely used codebases, such as OP-TEE and ARM Trusted Firmware (ATF), which have been purposely modified for supporting classroom exercises. Public attacks, up to the most recent ones, are ported to the training codebase allowing for close simulation of real vulnerabilities. Specially crafted exercises support discussion of attack vectors, impacts and applicable techniques. The training codebase runs in an emulated ARMv8 (AArch64) target, where exploitation is performed for some of the vulnerabilities.
The exploitability of all vulnerabilities is analyzed taking the overall system into account. Techniques for"HW augmented" exploitation, where the underlying HW is used for novel and creative SW exploits, are introduced and discussed in details.
Presentations, interactive sessions, open questions and exercises are all mixed into a high intensity training. An in-class, jeopardy-style CTF supports the training during all its phases, from understanding theoretical concepts, to identification of vulnerabilities and exploitation.
COURSE OUTLINE
The following topics will be covered during the 3 days of training:
- TEE Security Intro
- Fundamentals
- Security model
- ARM TrustZone-based TEEs
- TEE HW primitives
- TEE SW components
- Attacker models
- TEE SW attack surfaces
- Communications
- TCB
- TEE runtime attacks and exploitation [Advanced]:
- REE --> TEE
- REE --> TA
- TA --> TEE
- TA --> TA
- Crypto primitives attacks
- HW-augmented exploitation [Advanced]
- TEE initialization attacks
- TEE configuration attacks
Who should attend?
The training is intended for:
- Security Analysts and Researchers, interested in new techniques, or
- SW Security Developers/Architects interested in defenses against attacks combining HW and SW.
What attendees should bring?
A laptop:
- capable of running VMware Fusion, Workstation or the free VMware Player
- with one of the above VMWare products installed (latest version preferred)
- with 40GB available disk space
- with Wi-Fi connectivity
What will be provided?
- A VMWare image with all the tools and code needed for the exercises
ABOUT THE TRAINER
Cristofaro Mune has been in the security field for 15+ years. He has 10 years of experience with
evaluating SW and HW security of secure products, as well as more than 5 years of experience in
testing and assessing the security of TEEs.
He works as an independent Product Security Consultant, providing support for design and
development of secure products. He also performs device-level security testing with advanced SW
and HW techniques. Finally, he provides security training on low-level topics, usually lying at the
boundaries of SW and HW.
He has contributed to development of TEE security evaluation methodologies and has been
member of TEE security industry groups.
Research on Fault Injection, TEEs, White-Box cryptography, IoT exploitation and Mobile Security
has been presented at renowned international conferences and in academic papers.
Twitter handle: @pulsoid
