NSF PAR Search | NSF Public Access Repository

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

LDR: Secure and Efficient Linux Driver Runtime for Embedded TEE Systems

https://doi.org/10.14722/ndss.2024.23009

Yan, Huaiyu; Ling, Zhen; Li, Haobo; Luo, Lan; Shao, Xinhui; Dong, Kai; Jiang, Ping; Yang, Ming; Luo, Junzhou; Fu, Xinwen (January 2024, Internet Society NDSS)

Full Text Available
fASLR: Function-Based ASLR via TrustZone-M and MPU for Resource-Constrained IoT Systems

https://doi.org/10.1109/JIOT.2022.3190374

Luo, Lan; Shao, Xinhui; Ling, Zhen; Yan, Huaiyu; Wei, Yumeng; Fu, Xinwen (September 2022, IEEE Internet of Things Journal)

Full Text Available
On Security of TrustZone-M-Based IoT Systems

https://doi.org/10.1109/JIOT.2022.3144405

Luo, Lan; Zhang, Yue; White, Clayton; Keating, Brandon; Pearson, Bryan; Shao, Xinhui; Ling, Zhen; Yu, Haofei; Zou, Cliff; Fu, Xinwen (June 2022, IEEE Internet of Things Journal)

Full Text Available
Secure boot, trusted boot and remote attestation for ARM TrustZone-based IoT Nodes

https://doi.org/10.1016/j.sysarc.2021.102240

Ling, Zhen; Yan, Huaiyu; Shao, Xinhui; Luo, Junzhou; Xu, Yiling; Pearson, Bryan; Fu, Xinwen (October 2021, Journal of Systems Architecture)

Full Text Available
On Runtime Software Security of TrustZone-M Based IoT Devices

https://doi.org/10.1109/GLOBECOM42002.2020.9322370

Luo, Lan; Zhang, Yue; Zou, Cliff; Shao, Xinhui; Ling, Zhen; Fu, Xinwen (December 2020, GLOBECOM 2020 - 2020 IEEE Global Communications Conference)
null (Ed.)
Internet of Things (IoT) devices have been increasingly integrated into our daily life. However, such smart devices suffer a broad attack surface. Particularly, attacks targeting the device software at runtime are challenging to defend against if IoT devices use resource-constrained microcontrollers (MCUs). TrustZone-M, a TrustZone extension for MCUs, is an emerging security technique fortifying MCU based IoT devices. This paper presents the first security analysis of potential software security issues in TrustZone-M enabled MCUs. We explore the stack-based buffer overflow (BOF) attack for code injection, return-oriented programming (ROP) attack, heap-based BOF attack, format string attack, and attacks against Non-secure Callable (NSC) functions in the context of TrustZone-M. We validate these attacks using the Microchip SAM L11 MCU, which uses the ARM Cortex-M23 processor with the TrustZone-M technology. Strategies to mitigate these software attacks are also discussed.
more » « less
Full Text Available

Search for: All records