CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight
نویسندگان
چکیده
Abstract Trusted execution environments (TEE) are deployed on many platforms to provide both confidentiality and integrity, their extensive use offers a secure environment for privacy-sensitive operations. Despite TEE prevalence in the smartphone tablet market, vulnerability research into security is relatively rare. This is, part, due strong isolation guarantees provided by its implementation. In this paper, we propose hardware assisted fuzzing framework, CROWBAR, that bypasses natively evaluate trusted applications (TAs) mobile devices leveraging ARM CoreSight components. CROWBAR performs feedback-driven commercial, closed source TAs while running protected environment. We implement 2 prototype commercial-off-the-shelf (COTS) smartphones one development board, finding 3 unique crashes 5 previously unreported TrustZone literature.
منابع مشابه
Automatic Detection of Vulnerabilities in Web Applications using Fuzzing
Automatic detection of vulnerabilities is a problem studied in literature and a very important concern in application development with security requirements. Fuzzing is a software testing technique, automated or semi-automated, that involves injecting a massive quantity of semi-random inputs in software in order to find security vulnerabilities. Many vulnerability detection techniques need manu...
متن کاملNATIVELY VS . NON - NATIVELY COMPILED THREADED ANDROID APPLICATIONS A comparative study on time - efficiency
The aim of this work is to investigate whether threaded Android-applications written in C or C++ are more time-efficient than applications written in Java. The first part of the work was to perform a literature analysis in order to find out which types of algorithms were used in previous studies comparing the performance between non-threaded Android-applications written in Java and C/C++. Anoth...
متن کاملBuilding a Trusted Path for Applications Using COTS Components
Client computers are often a weak link in a technical network infrastructure. Increasing the security of client systems and applications against malicious software attacks increases the security of the network as a whole. Our work solves in tegrity and authenticity of input, confidentiality, integrity and authenticity of output. We present components to integrate a trusted path into an applicat...
متن کاملTrusted Ticket Systems and Applications
Trusted Computing is a security base technology that will perhaps be ubiquitous in a few years in personal computers and mobile devices alike. Despite its neutrality with respect to applications, it has raised some privacy concerns. We show that trusted computing can be applied for service access control in a manner protecting users’ privacy. We construct a ticket system, a concept at the heart...
متن کاملTrusted Computing: Security and Applications
The main objective of this paper is to highlight some of the major security and application issues confronting trusted computing technology. This technology, now present in a large proportion of new PCs and incorporating a wide range of cryptographic functionality, has the potential to have a major practical impact, but has not been widely discussed. This paper is an attempt to encourage greate...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Journal of hardware and systems security
سال: 2023
ISSN: ['2509-3436', '2509-3428']
DOI: https://doi.org/10.1007/s41635-023-00133-3