부산대학교 도서관

In this paper we try to reproduce the results described in the paper "SPROBES: Enforcing Kernel Code Integrity on the TrustZone Architecture" [1]. The implementation revolves around the idea of protecting the operating system against rootkits with minimum overhead. This is described as an introspection mechanism implemented through TrustZone Secure Monitor Calls (SMC) and handled in secure world. It can instrument any operating system instruction. Since the challenge with this implementation was to avoid being removed by a rootkit, five invariants were enforced and considered to be enough to protect the operating system. This implementation was done on a Linux kernel 2.6.38 and used only 12 such SPROBES. As the original article was written the ARM market is expanding further and further with TrustZone extension now available even on the M series cortex systems. In addition to smartphones as described in previous article, the TrustZone extension is found in a lot of IoT device, such as RaspberryPi and in high-end devices. We try to reimplement the above-mentioned work on a new 4.9 Linux kernel and latest arm-trusted-firmware implementation for a reference ARM 64 hardware in order to identify if it could prove a viable software solution Also we provide feedback and observations for this whole process.