Work in progress: Exploring schedule-based side-channels in TrustZone-enabled real-time systems

Abstract

Our research demonstrates the existence of side-channel information leaks in TrustZone-enabled real-time systems. Our algorithm can infer the critical tasks’ arrival times and pinpoint when the system switches between regular and secure execution modes. By precisely obtaining such timing information, an adversary could infer the task execution patterns inside the secure system — thus putting the system’s safety, security, and integrity at risk. Considering that secure enclaves such as TrustZone are used for executing security-critical functionalities, our findings will help designers be aware of side-channel vulnerabilities and assist them in designing better, leakage-proof systems.