LightEMU: Hardware Assisted Fuzzing of Trusted Applications.
CoRR(2023)
摘要
Trusted Execution Environments (TEEs) are deployed in many CPU designs
because of the confidentiality and integrity guarantees they provide. ARM
TrustZone is a TEE extensively deployed on smart phones, IoT devices, and
notebooks. Specifically, TrustZone is used to separate code execution and data
into two worlds, normal world and secure world. However, this separation
inherently prevents traditional fuzzing approaches which rely upon
coverage-guided feedback and existing fuzzing research is, therefore, extremely
limited. In this paper, we present a native and generic method to perform
efficient and scalable feedback-driven fuzzing on Trusted Applications (TAs)
using ARM CoreSight. We propose LightEMU, a novel fuzzing framework that allows
us to fuzz TAs by decoupling them from relied TEE. We argue that LightEMU is a
promising first-stage approach for rapidly discovering TA vulnerabilities prior
to investing effort in whole system TEE evaluation precisely because the
majority of publicly disclosed TrustZone bugs reside in the TA code itself. We
implement LightEMU and adapt it to Teegris, Trusty, OP-TEE and QSEE and
evaluate 8 real-world TAs while triggering 3 unique crashes and achieving x10
time speedup when fuzzing TAs using the state-of-the-art TrustZone fuzzing
framework.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要