
RustZone: Writing Trusted Applications in Rust

Conference: BlackHat EU 2018

2018-12-06

Summary

The presentation discusses the use of trusted execution environments and the potential of Rust as a replacement for C in certain applications.
  • Trusted execution environments are useful but not a silver bullet for security
  • Rust is a potential replacement for C in certain applications because it can compile straight down to bare metal without a libc dependency
  • Memory safety and other language features make Rust a useful language
  • Secure storage in trusted execution environments is possible through processor features and configuration
  • Arm's trusted execution environment defines two worlds, normal and secure, with restricted access to hardware, memory, and code
  • Access to peripherals is available from the normal world
The speaker explains that the information on how to restrict access to hardware, memory, and code in trusted execution environments is often not publicly available and requires signing NDAs, which makes it hard for anyone who is not a big client to obtain it.

Abstract

Trusted Execution Environments (TEEs) are present in many devices today, and are used to perform security critical computation in an isolated environment. ARM's TrustZone is one of the most widely used TEEs in the world today, present in nearly every modern Android device. TrustZone allows developers to write applications that run in a "Secure World" with hardware isolation of resources. Most implementations use a Trusted Operating System to run multiple Trusted Applications.

However, Trusted Applications are still written in C, and many common classes of vulnerabilities have been found in these applications. While TrustZone provides isolation of resources, it cannot protect against vulnerable code.

In this talk, we will explore using the Rust language to write a Trusted Application. Rust allows developers to write system level code, but provides security features including memory safety, type safety, and error handling. These are desirable features for development of Trusted Applications.

We will begin with an overview of TrustZone and the Rust language, then show how Rust can be used to develop a Trusted Application. To conclude, we will demo a Trusted Application on real TrustZone hardware.
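As an added illustration (not code from the talk or its demo), the following Rust handler shows what the abstract's memory safety and error handling arguments look like at a Trusted Application's boundary: it parses a request buffer handed in from the normal world using only `core`, so it would fit a `#![no_std]` crate built without libc. The request layout, command ids and function names are hypothetical and do not follow any particular Trusted OS API.

```rust
use core::convert::TryInto;
/// Commands the normal world may invoke; unknown ids are rejected, never cast.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Command { Echo, Mask }
#[derive(Debug, PartialEq)]
pub enum TaError {
    ShortHeader,
    UnknownCommand(u32),
    PayloadTruncated { declared: usize, available: usize },
    OutputTooSmall { needed: usize, have: usize },
}
/// Constructed request layout: bytes 0..4 = command id (LE u32),
/// bytes 4..8 = payload length (LE u32), then the payload.
const HEADER_LEN: usize = 8;

/// Reads the LE u32 at `at`; `get` yields None past the end instead of reading out of bounds.
fn read_u32(buf: &[u8], at: usize) -> Option<u32> {
    let bytes: [u8; 4] = buf.get(at..at + 4)?.try_into().ok()?;
    Some(u32::from_le_bytes(bytes))
}

/// Validates the untrusted request and returns a bounded view of its payload.
pub fn parse_request(buf: &[u8]) -> Result<(Command, &[u8]), TaError> {
    let id = read_u32(buf, 0).ok_or(TaError::ShortHeader)?;
    let declared = read_u32(buf, 4).ok_or(TaError::ShortHeader)? as usize;
    let cmd = match id {
        1 => Command::Echo,
        2 => Command::Mask,
        other => return Err(TaError::UnknownCommand(other)),
    };
    let available = buf.len() - HEADER_LEN; // header presence is already proven above
    if declared > available {
        // A C handler that trusted `declared` would copy past the end of the shared buffer.
        return Err(TaError::PayloadTruncated { declared, available });
    }
    Ok((cmd, &buf[HEADER_LEN..HEADER_LEN + declared]))
}

/// Entry point a Trusted OS would call: writes the reply into `out` and returns
/// the byte count. Errors propagate with `?`, so no status code is silently lost.
pub fn invoke(buf: &[u8], out: &mut [u8]) -> Result<usize, TaError> {
    let (cmd, payload) = parse_request(buf)?;
    let (needed, have) = (payload.len(), out.len());
    let reply = out.get_mut(..needed).ok_or(TaError::OutputTooSmall { needed, have })?;
    match cmd {
        Command::Echo => reply.copy_from_slice(payload),
        // Mask stands in for secure-world processing; a real TA would apply keys
        // that never leave the secure world.
        Command::Mask => reply.iter_mut().zip(payload).for_each(|(o, p)| *o = p ^ 0x5A),
    }
    Ok(needed)
}
```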
