Authors:
Shan Haoqi, Huang Moyao, Liu Yujia, Nissankararao Sravani, Jin Yier, Wang Shuo, Sullivan Dean
Abstract
Trusted execution environments (TEEs) are deployed on many platforms to provide both confidentiality and integrity, and their extensive use offers a secure environment for privacy-sensitive operations. Despite the prevalence of TEEs in the smartphone and tablet market, vulnerability research into TEE security is relatively rare. This is, in part, due to the strong isolation guarantees provided by their implementation. In this paper, we propose a hardware-assisted fuzzing framework, CROWBAR, that bypasses TEE isolation to natively evaluate trusted applications (TAs) on mobile devices by leveraging ARM CoreSight components. CROWBAR performs feedback-driven fuzzing on commercial, closed-source TAs while they run in the TEE-protected environment. We implement CROWBAR on 2 prototype commercial-off-the-shelf (COTS) smartphones and one development board, finding 3 unique crashes in 5 closed-source TAs that were previously unreported in the TrustZone fuzzing literature.
Funder
U.S. Department of Energy
Publisher
Springer Science and Business Media LLC
Subject
General Engineering, Energy Engineering and Power Technology
Cited by
3 articles.
1. LightEMU: Hardware Assisted Fuzzing of Trusted Applications. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2024-05-06
2. High Throughput Hardware Accelerated CoreSight Trace Decoding. 2024 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2024-03-25
3. Armor: Protecting Software Against Hardware Tracing Techniques. IEEE Transactions on Information Forensics and Security, 2024