SelMon: reinforcing mobile device security with self-protected trust anchor

Higher privileged trust anchors such as thin hypervisors and Trust-Zone have been adopted to protect mobile OSs. For instance, the Samsung Knox security platform implements a kernel integrity monitor based on a hardware-assisted virtualization technique for 64-bit devices. Although it protects the OS kernel integrity, the monitoring platform itself can be a target of attackers if it encompasses exploitable bugs. In this paper, we propose SelMon, a portable way of self-protecting kernel integrity monitors without introducing another higher privileged trust anchor. To this end, we first logically separate the regions of the integrity monitor into two parts: privileged and non-privileged regions. Then, we ensure that only the privileged region code can access the critical data objects that can be exploited to compromise the monitor integrity (e.g., the hypervisor page table). The non-critical operations in terms of preserving the monitor integrity are conducted in the non-privileged region. In addition to the privilege separation, we also illustrate how to utilize the general hardware features, watchpoint and data execution prevention (DEP), to ensure the robustness of the separation. In the evaluation, it was found that our approach imposes a negligible overhead of 2% in the worst case with SPEC CPU2006.