Electronics, Vol. 14, Pages 1674: TeeDFuzzer: Fuzzing Trusted Execution Environment

Electronics doi: 10.3390/electronics14081674

Authors:
Sheng Wen
Liam Xu
Liwei Tian
Suping Liu
Yong Ding

The Trusted Execution Environment (TEE) is crucial for safeguarding the ecosystem of embedded systems. It uses isolation to minimize the TCB (Trusted Computing Base) and protect sensitive software. It is vital because devices handle vast, potentially sensitive data. Leveraging ARM TrustZone, widely used in mobile and IoT for TEEs, it ensures hardware protection via security extensions, though needing firmware and software stack support. Despite the reputation of TEEs for high security, TrustZone-aided ones have vulnerabilities. Fuzzing, as a practical bug-finding technique, has seen limited research in the context of TEE. The unique software architecture of TrustZone-assisted TEE complicates the direct application of traditional fuzzing methods. Moreover, simplistic approaches, such as feeding random input values into TEE through the API functions of the rich operating system, fail to uncover deeper, latent bugs within the TEE code. In this paper, we present a fuzzing strategy for TrustZone-assisted TEE that utilizes inferred dependencies between Trusted Kernel system calls to uncover deep-seated TEE bugs. We implemented our approach on OP-TEE, where it successfully identified 17 crashes, including one previously undetected kernel bug.

Source link

Sheng Wen www.mdpi.com