{"guid":"16c756dd-cb07-4c0e-9885-98243026f7cf","title":"Microarchitectural Attacks on Trusted Execution Environments","subtitle":null,"slug":"34c3-8950-microarchitectural_attacks_on_trusted_execution_environments","link":"https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8950.html","description":"Trusted Execution Environments (TEEs), like those based on ARM TrustZone or Intel SGX, intend to provide a secure way to run code beyond the typical reach of a computer’s operating system.\nHowever, when trusted and untrusted code runs on shared hardware, it opens the door to the same microarchitectural attacks that have been exploited for years. This talk provides an overview of these attacks as they have been applied to TEEs, and it additionally demonstrates how to mount these attacks on common TrustZone implementations. Finally, we identify new techniques which allow us to peer within TrustZone TEEs with greater resolution than ever before.","original_language":"eng","persons":["Keegan Ryan"],"tags":["34c3","8950","Security"],"view_count":1131,"promoted":false,"date":"2017-12-27T00:00:00.000+01:00","release_date":"2017-12-28T01:00:00.000+01:00","updated_at":"2026-03-09T13:00:06.312+01:00","length":3301,"duration":3301,"thumb_url":"https://static.media.ccc.de/media/congress/2017/8950-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2017/8950-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2017/16c756dd-cb07-4c0e-9885-98243026f7cf-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2017/16c756dd-cb07-4c0e-9885-98243026f7cf-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/34c3-8950-microarchitectural_attacks_on_trusted_execution_environments","url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_title":"34C3: TUWAT","conference_url":"https://api.media.ccc.de/public/conferences/34c3","related":[{"event_id":4762,"event_guid":"b036385c-ec1a-44e5-ae48-af703ce9b5d3","weight":5},{"event_id":4766,"event_guid":"19b7e5d7-bba7-46da-afbc-f16d43fe395f","weight":5},{"event_id":4767,"event_guid":"f2ca3661-30c8-476e-9d6b-920bb20b21eb","weight":15},{"event_id":4784,"event_guid":"65a25dfd-56dd-4e87-a910-334e2dc25a9c","weight":41},{"event_id":4794,"event_guid":"a2887b4a-0c9d-4220-a52f-c65c20ae25d7","weight":29},{"event_id":4795,"event_guid":"722ce759-9cde-4e3b-8db5-5a97aa9673d9","weight":5},{"event_id":4796,"event_guid":"ff24373e-ebe2-4077-9db0-eae5ab003538","weight":29},{"event_id":4803,"event_guid":"23d59026-ab98-4f6c-a46d-0bb3e1788a67","weight":28},{"event_id":4810,"event_guid":"c1acc5c2-58b2-4ed5-a504-351b8b93c171","weight":45},{"event_id":4812,"event_guid":"7edaed35-e938-4a13-b21c-aac4bb0ebf94","weight":15},{"event_id":4813,"event_guid":"d5d27820-0e97-4c19-bf57-b470cbbd97ef","weight":29},{"event_id":4817,"event_guid":"be19fbe3-e825-4e67-93f9-a6aeda2e31af","weight":15},{"event_id":4819,"event_guid":"55f921ed-ab90-4553-9903-8658557ac447","weight":24},{"event_id":4825,"event_guid":"a39634b4-d220-4c84-bf5a-e52c375827c5","weight":5},{"event_id":4826,"event_guid":"16645200-2036-4a3c-a44d-a5ff44ac2991","weight":28},{"event_id":4830,"event_guid":"5cf8c222-47d3-4741-9324-be182b4d0fb8","weight":32},{"event_id":4832,"event_guid":"275f85de-d612-4440-8755-85dee5912f12","weight":17},{"event_id":4833,"event_guid":"e1a60f7b-6a56-4dce-ab3a-c686fa940aa8","weight":33},{"event_id":4839,"event_guid":"81530917-cfdd-4a08-bf29-9b71fafb1bc1","weight":25},{"event_id":4842,"event_guid":"581ccbad-4bbf-47a2-8845-f52278d61061","weight":26},{"event_id":4843,"event_guid":"86c60da2-fefc-4750-ad22-fa821ce619b1","weight":28},{"event_id":4844,"event_guid":"5c5e888e-4556-405b-a205-e59b97db99e1","weight":15}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments.en.srt","state":"complete","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2021-02-21T17:46:43.451+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments.en.srt","url":"https://api.media.ccc.de/public/recordings/44478","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":296,"length":3301,"mime_type":"video/mp4","language":"eng","filename":"34c3-8950-eng-Microarchitectural_Attacks_on_Trusted_Execution_Environments.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T16:05:26.080+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-8950-eng-Microarchitectural_Attacks_on_Trusted_Execution_Environments.mp4","url":"https://api.media.ccc.de/public/recordings/20974","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":297,"length":3301,"mime_type":"video/mp4","language":"deu","filename":"34c3-8950-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T16:05:41.729+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-8950-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments.mp4","url":"https://api.media.ccc.de/public/recordings/20975","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":480,"length":3301,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T16:05:56.844+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_hd.mp4","url":"https://api.media.ccc.de/public/recordings/20976","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":238,"length":3301,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_hd-slides.mp4","state":"new","folder":"slides-h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T17:08:17.468+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/slides-h264-hd/34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_hd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/21049","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":184,"length":3301,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-12-28T17:26:18.565+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-sd/34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_sd.mp4","url":"https://api.media.ccc.de/public/recordings/21080","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":532,"length":3301,"mime_type":"video/webm","language":"eng-deu","filename":"34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-12-28T17:55:56.849+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/webm-sd/34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/21096","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":35,"length":3286,"mime_type":"audio/opus","language":"eng","filename":"34c3-8950-eng-Microarchitectural_Attacks_on_Trusted_Execution_Environments.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2017-12-28T20:27:36.874+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/opus/34c3-8950-eng-Microarchitectural_Attacks_on_Trusted_Execution_Environments.opus","url":"https://api.media.ccc.de/public/recordings/21154","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":50,"length":3286,"mime_type":"audio/mpeg","language":"eng","filename":"34c3-8950-eng-Microarchitectural_Attacks_on_Trusted_Execution_Environments.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2017-12-28T20:28:08.572+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/mp3/34c3-8950-eng-Microarchitectural_Attacks_on_Trusted_Execution_Environments.mp3","url":"https://api.media.ccc.de/public/recordings/21155","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":686,"length":3301,"mime_type":"video/webm","language":"eng-deu","filename":"34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T21:40:24.661+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/webm-hd/34c3-8950-eng-deu-Microarchitectural_Attacks_on_Trusted_Execution_Environments_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/21248","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":72,"length":3301,"mime_type":"video/mp4","language":"eng","filename":"34c3-8950-eng-Microarchitectural_Attacks_on_Trusted_Execution_Environments_sd-slides.mp4","state":"new","folder":"slides-h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-01-02T15:31:51.907+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/slides-h264-sd/34c3-8950-eng-Microarchitectural_Attacks_on_Trusted_Execution_Environments_sd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/22280","event_url":"https://api.media.ccc.de/public/events/16c756dd-cb07-4c0e-9885-98243026f7cf","conference_url":"https://api.media.ccc.de/public/conferences/34c3"}]}