Trusted Execution Environments provide improved security guarantees with a smaller attack surface at the cost of a reduced feature set. This accomplishes the goal of a secure environment; however, the lack of introspection and debugging solutions can also hamper development efforts for secure applications.
The goal of this thesis is to examine introspection techniques for improving development effort, enabling debugging and tracing of secure components while accounting for the security considerations inherently present in such activities. Specific focus is put on the Secure World within ARM TrustZone. Both hardware- and software-based tracing approaches are considered and studied.
This thesis details the implementation and evaluation of a hardware tracing solution, which integrates open-source technologies and leverages the ARM CoreSight Architecture. A software-based stack trace feature for 64-bit ARM is also implemented and design considerations are evaluated. The two approaches are compared in terms of capabilities, advantages, and drawbacks. This thesis also performs a security evaluation, which discusses security tradeoffs between the different approaches and design decisions.