The “TEE SW Security Training” provides a unique opportunity for broadening knowledge, increasing skills and refining perspectives required for a methodical approach to TEE security and, specifically, to TEE software (SW).
The training is designed from an attacker-oriented perspective, organized in a methodical flow, aimed at building the holistic approach required by TEE security. At the end of the training, students will be able to understand the complexities of modern TEEs, identify non-obvious SW attack surfaces, be familiar with relevant vulnerability classes and perform reviews of TEE source code in the context of TEE-relevant attacks.
Students are initially guided through TEE security models and components, understanding TEE SW-specific roles and applicable attacks. The TEE SW attack surface is explored in a comprehensive way, with multiple attacker models. Real, public case studies and attacks are analyzed while exploring vulnerability classes and the identified attack surface.
Practical exercises are a relevant portion of the training time. Students are tasked with identifying vulnerabilities related to the covered concepts in modified OP-TEE and ARM Trusted Firmware codebases. Wherever possible, public attacks have been ported to the training codebase, allowing for a close simulation of real vulnerabilities. Exploitation and remediation are discussed for all vulnerabilities. The training codebase also runs in an emulated target, allowing actual exploitation to be performed for some of the vulnerabilities.
Unique to this training is the use of modern techniques for improving knowledge transfer quality and comfort. A mix of presentations, interactive sessions, open questions, exercises and other activities is delivered, taking into account attention span curves. Exercises are organized as a jeopardy-style, in-class CTF focusing on case analysis, vulnerability identification and successful exploits, leveraging gamification for effective concept acquisition.
Participants are expected to have a good knowledge of modern OS technical and security concepts, to be familiar with typical SW vulnerabilities and to have a basic knowledge of ARM architecture and SW exploitation. Experience with OS-level source code reviews, binary reverse engineering, exploitation and exposure to SoC-level HW security may be beneficial during the overall course.
The following topics are covered during the training:
The “TEE SW Security Training” is intended for both defensive- and offensive-oriented audiences:
Cristofaro Mune is a Product Security consultant, providing support for the design and development of secure products. He also performs device-level security testing with advanced SW and HW techniques.
He has more than 16 years of experience in (SW & HW) security assessment of highly secure products, as well as several years in TEE security evaluation and testing.
He has also contributed to the development of TEE security evaluation methodologies and has been a member of TEE security industry groups.
Research on Fault Injection, TEE security, White-Box cryptography, IoT exploitation and Mobile Security has been presented at renowned international conferences and in academic papers.
Twitter handle: @pulsoid