CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight
Trusted execution environments (TEEs) are deployed on many platforms to provide both confidentiality and integrity, and their extensive use offers a secure environment for privacy-sensitive operations. Despite TEE prevalence in the smartphone and tablet market, vulnerability research into TEE security is relatively rare. This is, in part, due to the strong isolation guarantees provided by its implementation. In this paper, we propose a hardware-assisted fuzzing framework, CROWBAR, that bypasses TEE isolation to natively evaluate trusted applications (TAs) on mobile devices by leveraging ARM CoreSight components. CROWBAR performs feedback-driven fuzzing on commercial, closed-source TAs while they run in a TEE-protected environment. We implement CROWBAR on 2 prototype commercial-off-the-shelf (COTS) smartphones and one development board, finding 3 unique crashes in 5 closed-source TAs that were previously unreported in the TrustZone fuzzing literature.
- Sponsoring Organization:
- USDOE
- Grant/Contract Number:
- SC0018430
- OSTI ID:
- 1985308
- Journal Information:
- Journal of Hardware and Systems Security, Vol. 7, Issue 2-3; ISSN 2509-3428
- Publisher:
- Springer Science + Business Media
- Country of Publication:
- Country unknown/Code not available
- Language:
- English