Security Assessment of TrustZone-M enabled Software


CALL: 2019

DOMAIN: IS - Information Security and Trust Management

FIRST NAME: Antonio Ken

LAST NAME: Iannillo



HOST INSTITUTION: University of Luxembourg

KEYWORDS: security, assessment, trustzone, microcontrollers, validation, testing, software, IoT, embedded computers

START: 2020-05-01

END: 2022-04-30


Submitted Abstract

Trusted hardware technologies are commonly used as anti-tamper measures to make software more resistant to attack and to protect critical program elements. It is generally harder to successfully attack trusted hardware than a software-only protection scheme. In recent years, several such technologies have been proposed and implemented in computer processors. The most widespread are Intel SGX and ARM TrustZone-A, both of which have been used extensively to protect the security and privacy of software running on cloud servers and on mobile devices.

With the advent of the Internet of Things (IoT) paradigm, computing and networking capabilities are extending to devices that are not traditionally considered computers, enabling them to interact with the physical world or with other software entities with minimal or no human input. Every IoT device can potentially talk to other related devices in its environment to automate home and industrial tasks and to communicate usable sensor data. These devices are powered by embedded computers: small pieces of hardware (microcontrollers) equipped with specialized sensors and actuators that run constrained software to handle data and external communication. Microcontroller processors have far more limitations than application processors: the main requirements of microcontroller applications are low power consumption, real-time processing, deterministic behavior, and low interrupt latency. Hardware security extensions designed for application processors therefore cannot be applied directly, because they were developed for more relaxed use cases. Lately, ARM Holdings, which already holds the largest share of the mobile and embedded markets (60%), has extended TrustZone support to the tiniest low-end devices, which it estimates will number nearly 1 trillion by 2035.
To reach this objective, ARM designed a hardware security extension for microcontrollers from the ground up, instead of reusing the one from application processors, under the name TrustZone Technology for the Cortex-M profile, or TrustZone-M.

The STARTS (SecuriTy Assessment of tRusTzone-m based Software) project aims to create a methodology for the security assessment of software based on TrustZone-M. The methodology relies on a verification and validation framework that automatically tests TrustZone-M based software. This framework will implement new methods for each stage of the security assessment process: detecting the attack surface of the software running in the secure world of an ARMv8-M device (the entry points callable from the non-secure world and the parameters they accept); generating test inputs for the target interfaces by exploiting feedback unique to the target; and detecting security violations in executed test cases (TrustZone-M test oracles).
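The attack surface the project targets is concrete: a secure-world service reachable through a Non-secure Callable (NSC) entry point receives pointers and lengths chosen by the non-secure world, and must confirm that every byte they reference is non-secure before touching it. The host-side C model below is an added example, not code from the STARTS project or from ARM: the flat memory map, the secure/non-secure split, the sample key and the checksum service are all constructed. On an ARMv8-M target the range check would be `cmse_check_address_range()` from `<arm_cmse.h>` (compiled with `-mcmse`), whose answer comes from the SAU/IDAU; here a fixed region boundary plays that role. The model shows the unchecked entry point turned into a one-byte read primitive on secure SRAM, the hardened version rejecting the same calls, and the kind of outcome a TrustZone-M test oracle would have to flag.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Flat host-side model of an ARMv8-M device address space. Offsets into mem[]
 * stand in for addresses; the split below is hypothetical and, on real silicon,
 * comes from the SAU/IDAU configuration. */
#define MEM_SIZE   0x10000u
#define NS_START   0x0000u          /* Non-secure SRAM: [NS_START, NS_END) */
#define NS_END     0x8000u
#define S_KEY_ADDR 0x8010u          /* Secure SRAM: device key the NS world must never read */
#define S_KEY_LEN  16u

static uint8_t mem[MEM_SIZE];

/* Constructed sample key; on a device this would be provisioned secure data. */
static const uint8_t DEVICE_KEY[S_KEY_LEN] = {
    0xa1, 0x3c, 0x77, 0x02, 0xee, 0x19, 0x45, 0x8b,
    0xd0, 0x6f, 0x21, 0x9a, 0x5e, 0xc3, 0x08, 0xf4 };

void secure_init(void) {
    memset(mem, 0, sizeof mem);
    memcpy(&mem[S_KEY_ADDR], DEVICE_KEY, S_KEY_LEN);
}

/* Stand-in for cmse_check_address_range(p, len, CMSE_NONSECURE | CMSE_MPU_READ):
 * true only if every byte of [addr, addr+len) is Non-secure. The wrap-around test
 * matters: without it a huge len wraps the end address and the check passes. */
bool ns_range_ok(uint32_t addr, uint32_t len) {
    if (len == 0 || addr > UINT32_MAX - len) return false;   /* addr + len would wrap */
    uint32_t end = addr + len;                               /* exclusive */
    return addr >= NS_START && end <= NS_END;
}

/* Secure service exposed through an NSC veneer: XOR checksum of a caller-supplied
 * buffer. Two versions of the same entry point; only the check differs. */
int nsc_checksum_vuln(uint32_t src, uint32_t len, uint8_t *out) {
    /* Bounds check against the model only, to keep the host program memory-safe;
     * it does not distinguish Secure from Non-secure addresses. */
    if (len == 0 || src > UINT32_MAX - len || src + len > MEM_SIZE) return -1;
    uint8_t acc = 0;
    for (uint32_t i = 0; i < len; i++) acc ^= mem[src + i];  /* reads wherever NS points it */
    *out = acc;
    return 0;
}

int nsc_checksum_hardened(uint32_t src, uint32_t len, uint8_t *out) {
    if (!ns_range_ok(src, len)) return -1;   /* reject any range touching Secure memory */
    uint8_t acc = 0;
    for (uint32_t i = 0; i < len; i++) acc ^= mem[src + i];
    *out = acc;
    return 0;
}

/* Non-secure world acting as the attacker: with len = 1 the checksum is the byte
 * itself, so the service is a one-byte read primitive into Secure SRAM. Returns
 * the number of key bytes recovered before the gateway refused a request. */
int leak_key_via(int (*svc)(uint32_t, uint32_t, uint8_t *), uint8_t key_out[S_KEY_LEN]) {
    int recovered = 0;
    for (uint32_t i = 0; i < S_KEY_LEN; i++) {
        uint8_t b;
        if (svc(S_KEY_ADDR + i, 1, &b) != 0) break;
        key_out[i] = b;
        recovered++;
    }
    return recovered;
}

int main(void) {
    uint8_t k[S_KEY_LEN];
    secure_init();
    printf("vulnerable gateway: %d key bytes recovered\n", leak_key_via(nsc_checksum_vuln, k));
    printf("hardened gateway:   %d key bytes recovered\n", leak_key_via(nsc_checksum_hardened, k));
    return 0;
}
```

The oracle side of the methodology follows from the same model: a test harness that drives the NSC entry point with fuzzed (address, length) pairs and observes secure data appearing in the returned value, or secure SRAM changing, has found a violation, whereas a crash-only oracle would see nothing here because the vulnerable service never faults.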
