Trusted Monitor: TEE-Based System Monitoring
Abstract
As trusted computing becomes increasingly im-
portant, Trusted Execution Environments (TEEs) see more
widespread use. A particular high demand for security arises
in the context of embedded systems in critical infrastructures.
We present a novel intrusion detection system called the Trusted
Monitor (TM) that protects its integrity even in the presence of
a system-level attacker by running inside the ARM TrustZone
TEE. The TM constantly monitors the system using hardware
performance counters and detects intrusions based on the classi-
fication by an application-specific machine learning model. Our
evaluation shows that the TM correctly classifies 86% of 183
evaluated workloads, while the performance overhead stays below
2%. In particular, we show that a real-world kernel-level rootkit
observably influences the hardware performance counters and,
thus, can be detected.
mehrMehr zum Titel
| Titel | Trusted Monitor: TEE-Based System Monitoring |
|---|---|
| Medien | Proceedings of the XII Brazilian Symposium on Computing Systems Engineering (SBESC 2022) |
| Verlag | IEEE |
| ISBN | 978-1-6654-7425-2 |
| Verfasser | Benedikt Jung, Christian Eichler, Jonas Röckl, Ralph Schlenk, Timo Hönig, Prof. Dr. Tilo Müller |
| Veröffentlichungsdatum | 21.11.2022 |
| Zitation | Jung, Benedikt; Eichler, Christian; Röckl, Jonas; Schlenk, Ralph; Hönig, Timo; Müller, Tilo (2022): Trusted Monitor: TEE-Based System Monitoring . Proceedings of the XII Brazilian Symposium on Computing Systems Engineering (SBESC 2022). DOI: 10.1109/SBESC56799.2022.9964869 |