Title:  CLKSCREW: Exposing the Perils of Security-Oblivious EnergyManagement.

Abstract:
The need for power- and energy-efficient computing hasresulted in aggressive cooperative
hardware-software en-ergy  management  mechanisms  on  modern  commoditydevices.   Most
systems today,  for example,  allow soft-ware to control the frequency and voltage of the
under-lying hardware at a very fine granularity to extend bat-tery life.  Despite their benefits,
these software-exposedenergy management mechanisms pose grave security im-plications that
have not been studied before.

In  this  work,   author  present  the  CLKSCREWattack, a  new  class  of  fault  attacks  
that  exploit  the  security-obliviousness  of  energy  management  mechanisms  tobreak
security.  A novel benefit for the attackers is thatthese fault attacks become more accessible
since they cannow be conducted without the need for physical access tothe devices or fault
injection equipment. We demonstrateCLKSCREWon commodity ARM/Android devices. Weshow that a
malicious kernel driver (1) can extract secretcryptographic keys from Trustzone, and (2) can
escalateits privileges by loading self-signed code into Trustzone.As the first work to show
the security ramifications of en-ergy management mechanisms, we urge the communityto re-examine
these security-oblivious designs.