SCRUTINIZER: Towards Secure Forensics on Compromised TrustZone
Yiming Zhang
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Trusted Hardware and Execution
The talk "SCRUTINIZER: Towards Secure Forensics on Compromised TrustZone," presented by Fung Jan, delves into the critical challenge of performing secure and reliable forensics on **Trusted Execution Environments (TEEs)**, specifically **ARM TrustZone**, after they have been compromised. TEEs are fundamental security components in modern computing, designed to protect sensitive data and operations from the potentially compromised rich operating system. However, despite their robust design, TrustZone implementations have accumulated a significant number of vulnerabilities over the years, making them susceptible to attack.
AI review
Solid systems security research that solves a real, under-addressed problem: how do you forensically analyze a TEE that's already compromised and designed to resist inspection? The ARM CCA root-world angle is timely and the technical contributions — grafting for page table reuse, PMU-assisted instruction-level traps, GPC-enforced hardware isolation — are concrete and non-trivial. The 20x performance gain over INA is the kind of benchmark that makes a paper credible.