Contemporary ARM Security Research Surface — by Ron Munitz
#IICSG2018 Conference Workshop Track
Day 2 (25 May 2018)
@ Bras Basah Room
In this talk, Ron Munitz will discuss the building blocks of modern ARM-based products [read: Mobile, IoT, (and coming very soon): Servers and Desktop] based products, and give an in-depth introduction and concept translation from the x86/x86_64 security research world, into the (very rich world) of ARM security research.
We will start our discussion with a strict definition of where the "hardware stops" and the "software starts", understand the boot process in the ARM architecture, provide a thorough understanding of where the "hardware stops" and the "software start", understand the boot process in the ARM architecture, and give a very brief introduction to the different types of core cortex M/A/R families, what custom design and licensing means, and what it may mean for security researchers.
Then, we will discuss how an Operating System kicks in (in the so-called "Normal/Rich world"), discuss the split from the base ARM design and present several Operating Systems, and tips for the security researchers on how to assess them. Special treatment will be given to the differences between X86 and ARM-based components, and practical tips within the Linux/Android kernel, as well as some surprising references in MacOS and XNU.
We will complete the discussion with a review and tips about researching TrustZone based OS's and interfaces, as well a comparison and research tips for the Mobile/Dekstop/Server Operating Systems vs. the IoT operating systems (closed source/proprietary, Zephyr, Android Things, and bridge OS).
As time permits, we will give invaluable tips of transforming your assembly and reverse engineering skills to ARM research, and display some demos of such concepts. We will also display some demos.
By the end of this talk, the attendee will have a clear understanding of the commonalities and differences of security research in Android, MacOS (iOS) future MacOS (MacOS), embedded/IoT, microprocessors and microcontrollers, and will have the tools to jump-start their research efforts of the broad and dominating world of ARM security.
x86 researchers, hardware engineers interested in software security research an bring up, security personnel who wants to have a clearer picture of the broad ARM products and research world.
About Ron Munitz
Ron Munitz, Founder and CEO of The PSCG, is a parallel entrepreneur, specializing in Operating System internals and Embedded Software.
His experience ranges from esoteric real-time operating systems to anything Unix/Linux flavoured, with renowned expertise on the Linux kernel and Android ecosystem, having trained thousands of engineers for The PSCG and the Linux Foundation*.
When not training and consulting with the PSCG, Ron oversees multiple ventures led by some of the most competent minds in the world, as the managing director of PSCG Holdings LTD.
*The PSCG is an authorized training partner in APAC of the Linux Foundation.