DESCRIPTION

TEEs (Trusted Execution Environments), with their interactions of complex hardware and extensive software TCBs, are notoriously hard to secure environments.

Would you like to develop a new understanding of TEE security ? Know TEEs beyond obvious interfaces? Becoming familiar with unexplored corners and thinking? Identify new vulnerability classes? Develop a methodical approach for building creative attacks and solid defense strategies?

Then, this training is for you!

“TEE Offensive Core” is a unique training for gaining a deep technical understanding of TEEs. Security challenges, potential pitfalls and vulnerabilities are explored with multiple threat models, across the entire TEE attack surface. Obscure attack vectors included.

The training is organized in a methodical flow, with an attacker-oriented perspective and delivered at an exciting pace. At the end of the training, students will be able to understand complexities of modern TEEs, identify non-obvious SW attack surfaces, have knowledge of relevant and new vulnerability classes.

Students are guided through the topics by means of innovative content, analysis of real, public case studies and tailored exercises.

The training is supported by purposely modified codebases, based on OP-TEE and ARM Trusted Firmware. Public attacks ported to the training codebase allow for close simulation of real vulnerabilities. Specially crafted exercises support discussion and understanding of new vulnerability classes.

Exploitation and remediation are also analyzed for all vulnerabilities. The training codebase also runs in an emulated target, where exploitation is performed for some of the vulnerabilities.

Presentations, interactive sessions, open questions, exercises are all mixed into a high intensity training, with an attention to interest span curves. An in-class, jeopardy-style CTF supports the training covering all its phases, from concepts understanding, to vulnerability identification and exploitation and related flags.

You are going to be overall challenged. So, better be prepared!

Participants are expected to have sound knowledge of modern OS security concepts, familiarity with C/C++ programming and SW vulnerabilities, basic knowledge of ARM architecture and exploitation. Experience with OS-level source code reviews, binary reverse engineering and SoC- level HW security may be greatly beneficial during the overall course.

The instructor has several years of experience in security evaluation and testing of TEEs, both at the SW and HW level, while also being a professional technical trainer.

COURSE OUTLINE

The following topics are covered during the training:

• TEE and TEE SW security concepts
  • TEE security model
  • TEE HW & SW components roles
• "ARM TrustZone-based TEEs
  • Security model and TEE HW primitives
  • TEE SW components
• TEE SW attack surfaces
  • REE attacker model
  • TA attacker model
  • Physical attacker model
• TEE runtime and attacks
  • REE-based
  • TA-based
• TEE initialization and attacks
  • Secure Boot
  • Bootloaders
  • TEE HW initialization
• TEE configuration and attacks:
  • Understand TEE configurations
  • Attacks examples