美国韦恩州立大学（Wayne State University, USA）Fengwei Zhang博士学术报告通知
撰稿人：刘杰容 发布时间：2019年6月24日 15:00
题目: Nailgun: Break the privilege isolation on ARM
报告人: 美国韦恩州立大学（Wayne State University）Fengwei Zhang博士
Processors nowadays are consistently equipped with debugging features to facilitate the program debugging and analysis. Although the debugging architecture has been presented for years, the security of the debugging features is under-examined since it normally requires physical access to use these features in the traditional debugging model. ARM introduces a new debugging model that requires no physical access since ARMv7. In this new debugging model, a host processor is able to pause and debug another target processor on the same chip (inter-processor debugging). The idea of Nailgun attack is to misuse the debugging architecture with the inter-processor debugging since it allows the debug host to pause and debug the target even when the target owns a higher privilege. Our experiments discover a number of vulnerable devices including IoT devices like Raspberry PI, all commercial ARM-based cloud platforms, and mobile phones from Huawei, Motorola, and Xiaomi. For further verification, we show that Nailgun attack can be used to access the Secure Configuration Register (which is only accessible in the secure state) on Raspberry PI and extract the fingerprint image stored in the secure memory of Huawei Mate 7 with a non-secure kernel module.
Dr. Fengwei Zhang is the Director of the COMPASS (COMPuter And Systems Security) Lab and Assistant Professor at the Department of Computer Science at Wayne State University. He received his Ph.D. degree in computer science from George Mason University in 2015. His research interests are in the areas of systems security, with a focus on trustworthy execution, transparent malware debugging, transportation security, and plausible deniability encryption. Fengwei has more than 10 years working experience in systems security. His work has been well recognized by the security community and he published about 30 top-tier conferences/journal papers, including IEEE S&P, USENIX Security, NDSS, IEEE TIFS, and IEEE TDSC. He has served as Program Committee at top conferences including ACM CCS and ACSAC, and he was the Publicity Chair for EuroSec 2018/9 and CCSW 2017. He is a recipient of the Distinguished Paper Award in ACSAC 2017. His high qualify work has received NSF Awards.