DTA: Run TrustZone TAs Outside the Secure World for Security Testing
As mobile devices increasingly handle security-sensitive tasks, Trusted Execution Environments (TEEs) have become essential for providing secure enclaves. TrustZone, a popular technology for creating TEEs, allows Trusted Applications (TAs) to run with highly restricted communication interfaces. However, the isolated nature of TrustZone makes it challenging to test TA security, which is a crucial task given that TA vulnerabilities could compromise the entire system. Existing TrustZone fuzzing methods require substantial reverse engineering and implementation efforts, making them difficult to integrate into the development process. In this paper, we introduce DTA, a framework that enables the use of existing fuzzers for TA fuzzing. DTA’s design includes procedures for relocating TAs outside the secure world, implementing an alternative context switch mechanism, and delegating secure world system calls to a proxy handler. Our approach has proven effective in identifying crashes in vulnerable TAs using AFL++, and we provide an evaluation of the overhead breakdown and a comparison with other methods. In conclusion, DTA offers a more comprehensive solution for incorporating fuzz testing into the TA development cycle.

Main Authors: | Juhyun Song, Eunji Jo, Jaehyu Kim |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE, 2024-01-01 |
Series: | IEEE Access |
Subjects: | Trusted application (TA); trusted execution environment (TEE); fuzzing; OP-TEE |
Online Access: | https://ieeexplore.ieee.org/document/10414070/ |
Collection: | DOAJ |
DOI | 10.1109/ACCESS.2024.3358612 |
---|---|
Volume / pages | IEEE Access, vol. 12, pp. 16715-16727 |
ISSN | 2169-3536 |
Publisher | IEEE |
Publish date | 2024-01-01 |
Author affiliations | Juhyun Song (ORCID 0009-0000-2056-1452): Department of Computer Science and Engineering, Korea University, Seoul, South Korea; Eunji Jo: Samsung Electronics, Hwasung-si, South Korea; Jaehyu Kim: Samsung Electronics, Hwasung-si, South Korea |
Keywords | Trusted application (TA); trusted execution environment (TEE); fuzzing; OP-TEE |
DOAJ record id | doaj.art-0469566c7c1b4cda89bbd640f69281c0 |
Indexed | 2024-03-08T05:34:34Z |