Trusted Execution Environments (TEEs) embedded in IoT devices offer a deployable way to protect IoT applications at the hardware level. However, the Trusted OSes that run inside these TEEs have received little security analysis: vetting them is hard because of their complex, stateful data structures and their closed-source nature. SYZTRUST is the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. It adopts a hardware-assisted framework that fuzzes a Trusted OS directly on the IoT device while tracking both its internal state and its code coverage non-invasively, i.e. without instrumenting the Trusted OS. Evaluated on Trusted OSes from three major vendors, SYZTRUST demonstrated significant improvements in code coverage, state coverage, and vulnerability-finding capability, and discovered 70 previously unknown vulnerabilities.

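The abstract's central claim is that feeding the fuzzer a state signal in addition to code coverage lets it reach bugs that code coverage alone never drives it toward. The following example, added here to illustrate that claim, is not SYZTRUST's code and does not model its hardware-assisted (ETM-based) tracing; it is a constructed Python simulation of a hypothetical trusted application whose session table has no bounds check. Code coverage is emulated as the set of handler branches executed, and the tracked state is the session counter. A coverage-only fuzzer sees nothing new after the first `open` and therefore never keeps longer inputs in its corpus, so with single-byte mutations it can never produce the five opens the overflow needs; a state-aware fuzzer keeps each input that reaches a new counter value and walks the counter up to the bug.

```python
import random
from dataclasses import dataclass, field

MAX_SESSIONS = 4             # size of the hypothetical TA's session table
CMD_OPEN, CMD_CLOSE = 1, 2
CMD_ALPHABET = (0, 1, 2, 3)  # command bytes the fuzzer emits (constructed)


class ToyTrustedApp:
    """Constructed stand-in for a Trusted OS service: a session table
    whose open handler lacks a bounds check. Not a real TA."""

    def __init__(self):
        self.table = [None] * MAX_SESSIONS
        self.n_open = 0        # the state variable a state-aware fuzzer tracks
        self.cov = set()       # handler branches executed; stands in for a code trace
        self.crashed = False

    def handle(self, cmd):
        if cmd == CMD_OPEN:
            self.cov.add("open")
            if self.n_open >= MAX_SESSIONS:
                # Bug: no bounds check, so the 5th open writes past the table.
                self.cov.add("oob_write")
                self.crashed = True
                return
            self.table[self.n_open] = True
            self.n_open += 1
        elif cmd == CMD_CLOSE:
            self.cov.add("close")
            if self.n_open > 0:
                self.n_open -= 1
                self.table[self.n_open] = None
        else:
            self.cov.add("bad_cmd")


def execute(program):
    """Run a command sequence; return (coverage, final state, crashed)."""
    ta = ToyTrustedApp()
    for cmd in program:
        ta.handle(cmd)
        if ta.crashed:
            break
    return frozenset(ta.cov), ta.n_open, ta.crashed


def mutate(program, rng):
    """Single-byte mutations only: append, overwrite or delete one command.
    A kept child is therefore at most one byte longer than its parent."""
    program = list(program)
    choice = rng.randrange(3)
    if choice == 0 or not program:
        program.append(rng.choice(CMD_ALPHABET))
    elif choice == 1:
        program[rng.randrange(len(program))] = rng.choice(CMD_ALPHABET)
    else:
        del program[rng.randrange(len(program))]
    return program


@dataclass
class Campaign:
    state_aware: bool
    corpus: list = field(default_factory=lambda: [[CMD_OPEN]])
    coverage: set = field(default_factory=set)
    states_seen: set = field(default_factory=set)   # states observed, any input
    found_crash: bool = False
    crash_input: "list | None" = None
    iterations_used: int = 0


def run_campaign(state_aware, iterations=20000, seed=1234):
    """Coverage-guided loop; with state_aware=True a new final state also
    qualifies an input for the corpus, mirroring the state feedback idea."""
    rng = random.Random(seed)
    camp = Campaign(state_aware=state_aware)
    cov, state, _ = execute(camp.corpus[0])      # baseline from the seed
    camp.coverage |= cov
    camp.states_seen.add(state)
    credited_states = {state}                    # states that earned a corpus slot
    for i in range(1, iterations + 1):
        camp.iterations_used = i
        child = mutate(rng.choice(camp.corpus), rng)
        cov, state, crashed = execute(child)
        camp.states_seen.add(state)
        if crashed:
            camp.found_crash, camp.crash_input = True, child
            camp.coverage |= cov
            return camp
        new_cov = not cov <= camp.coverage
        new_state = state_aware and state not in credited_states
        if new_cov or new_state:
            camp.coverage |= cov
            credited_states.add(state)
            camp.corpus.append(child)
    return camp


if __name__ == "__main__":
    for aware in (False, True):
        r = run_campaign(state_aware=aware)
        print(f"state_aware={aware}: crash={r.found_crash} after {r.iterations_used} "
              f"iterations, corpus={len(r.corpus)}, input={r.crash_input}")
```

The coverage-only result is not a matter of luck: its corpus can gain at most one entry per new branch (`close`, `bad_cmd`), each at most one byte longer than its parent, so no tested input ever contains more than four opens. The state-aware run keeps inputs for counter values 2, 3 and 4 as intermediate seeds, so the overflow is a single appended byte away from the deepest seed. Real Trusted OS state is richer than one counter, and SYZTRUST reads it from the device rather than from an in-process simulation, but the feedback asymmetry is the same.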
Publication date: 28 Sep 2023
Project Page: Not provided
Paper: https://arxiv.org/pdf/2309.14742