DTA: Run TrustZone TAs Outside the Secure World for Security Testing


Bibliographic Details
Main Authors: Juhyun Song, Eunji Jo, Jaehyu Kim
Format: Article
Language: English
Published: IEEE 2024-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/10414070/
Description
Summary: As mobile devices increasingly handle security-sensitive tasks, Trusted Execution Environments (TEEs) have become essential for providing secure enclaves. TrustZone, a popular technology for creating TEEs, allows Trusted Applications (TAs) to run with highly restricted communication interfaces. However, the isolated nature of TrustZone makes it challenging to test TA security, which is a crucial task given that TA vulnerabilities could compromise the entire system. Existing TrustZone fuzzing methods require substantial reverse engineering and implementation efforts, making them difficult to integrate into the development process. In this paper, we introduce DTA, a framework that enables the use of existing fuzzers for TA fuzzing. DTA’s design includes procedures for relocating TAs outside the secure world, implementing an alternative context switch mechanism, and delegating secure world system calls to a proxy handler. Our approach has proven effective in identifying crashes in vulnerable TAs using AFL++, and we provide an evaluation of the overhead breakdown and a comparison with other methods. In conclusion, DTA offers a more comprehensive solution for incorporating fuzz testing into the TA development cycle.
ISSN: 2169-3536