|
Einrichtungen >> Technische Fakultät (TF) >> Department Informatik (INF) >> Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) >>
|
Exploiting TEEs for Fun and Profit
- Art der Arbeit:
- Studien-/Bachelor-/Diplom-/Masterarbeit
- Betreuer:
- Busch, Marcel
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) E-Mail: marcel.busch@fau.de
- Beschreibung der Arbeit:
- In this thesis we're going to exploit OP-TEE.
OP-TEE [1] is a reference implementation for Trusted Execution Environments [2] based on ARM TrustZone [3].
This thesis aims to understand an attacker's perspective striving for ultimate power on systems using TEEs.
Usually there are three major privilege escalation stages for an attacker to overcome [4].
Userland process to kernel, kernel to Trusted Application (TA) context, and TA to Trusted Operating System (TOS).
In this thesis, we're going to focus on the latter two stages taking OP-TEE as our target.
We're going to introduce the memory corruptions needed to launch the exploits ourselves.
Those corruptions will be inspired by real-world vulnerabilities though.
The goal is to understand the special characteristics of exploitation techniques for TEEs.
The target architecture is AARCH64. Happy pwning!
1
2
3
4
- Schlagwörter:
- Offensive Security
- Bearbeitungszustand:
Die Arbeit ist bereits abgeschlossen. |
|
|
|
|
UnivIS ist ein Produkt der Config eG, Buckenhof |
|
|