TEEs (Trusted Execution Environments), with their interactions of complex hardware and extensive software TCBs, are notoriously hard to secure environments.
Would you like to develop a new understanding of TEE security ? Know TEEs beyond obvious interfaces? Becoming familiar with unexplored corners and thinking? Identify new vulnerability classes? Develop a methodical approach for building creative attacks and solid defense strategies?
Then, this training is for you!
“TEE Offensive Core” is a unique training for gaining a deep technical understanding of TEEs. Security challenges, potential pitfalls and vulnerabilities are explored with multiple threat models, across the entire TEE attack surface. Obscure attack vectors included.
The training is organized in a methodical flow, with an attacker-oriented perspective and delivered at an exciting pace. At the end of the training, students will be able to understand complexities of modern TEEs, identify non-obvious SW attack surfaces, have knowledge of relevant and new vulnerability classes.
Students are guided through the topics by means of innovative content, analysis of real, public case studies and tailored exercises.
The training is supported by purposely modified codebases, based on OP-TEE and ARM Trusted Firmware. Public attacks ported to the training codebase allow for close simulation of real vulnerabilities. Specially crafted exercises support discussion and understanding of new vulnerability classes.
Exploitation and remediation are also analyzed for all vulnerabilities. The training codebase also runs in an emulated target, where exploitation is performed for some of the vulnerabilities.
Presentations, interactive sessions, open questions, exercises are all mixed into a high intensity training, with an attention to interest span curves. An in-class, jeopardy-style CTF supports the training covering all its phases, from concepts understanding, to vulnerability identification and exploitation and related flags.
You are going to be overall challenged. So, better be prepared!
Participants are expected to have sound knowledge of modern OS security concepts, familiarity with C/C++ programming and SW vulnerabilities, basic knowledge of ARM architecture and exploitation. Experience with OS-level source code reviews, binary reverse engineering and SoC- level HW security may be greatly beneficial during the overall course.
The instructor has several years of experience in security evaluation and testing of TEEs, both at the SW and HW level, while also being a professional technical trainer.
The following topics are covered during the training:
The training is intended for both a defensive and offensive-oriented audience:
Cristofaro Mune is a Product Security consultant, providing support for design and development of secure products. He also performs device-level security testing with advanced SW and HW techniques.
He has more than 17 years of experience in (SW & HW) security assessment of highly secure products, as well as several years in TEE security evaluation and testing.
He has also contributed to development of TEE security evaluation methodologies and has been member of TEE security industry groups.
Research on Fault Injection, TEE security, White-Box cryptography, IoT exploitation and Mobile Security has been presented at renowned international conferences and in academic papers.
Twitter handle: @pulsoid