Fuzz testing solution for trusted execution environment kernel API
First published: 2024-04-01
Abstract: The development of Trusted Execution Environment (TEE) technology provides a secure execution space for applications and effectively protects their sensitive information. However, the TEE itself also has security vulnerabilities. Recent studies have used fuzz testing to detect vulnerabilities in TEEs, yet existing research lacks design schemes for generic interfaces. To address these issues, this paper proposes a fuzz testing method targeting TEE kernel API interfaces. The method designs and implements a fuzz testing framework for the standard API interfaces within the Trusted Execution Environment. In addition, to address the difficulty of collecting and decrypting trusted applications for dependency analysis and seed generation, a seed generation method based on the GlobalPlatform TEE Internal Core API interface specification is designed and implemented.
Keywords: Basic disciplines of Computer Science and Technology; Trusted Execution Environment; Fuzzing