Litcius/Paper detail

TrustedGateway: TEE-Assisted Routing and Firewall Enforcement Using ARM TrustZone

Fabian Schwarz

202210 citationsDOIOpen Access PDF

Abstract

Gateway routers are at the heart of every network infrastructure, interconnecting subnetworks and enforcing access control policies using firewalls. However, their central position makes them high-value targets for network compromises. Typically, gateways are erroneously assumed to be hardened against software vulnerabilities (“bastion host”). In fact, though, they inherit the attack surface of their underlying commodity OSes which together with the wealth of auxiliary services available on both consumer and enterprise gateways—web and VoIP, file sharing, remote logins, monitoring, etc.—undermines this belief. This is underlined by a plethora of recent CVEs for commodity OSes and services of popular routers which resulted in authentication bypass or remote code execution thus enabling attackers full control over their security policies.

Topics & Concepts

Firewall (physics)Computer scienceVoice over IPComputer networkComputer securityServerOperating systemThe InternetBusinessSchwarzschild radiusAccretion (finance)Charged black holeFinanceSecurity and Verification in ComputingAdvanced Malware Detection TechniquesNetwork Security and Intrusion Detection