Fuzzing of PKCS#11 Trusted Application

University essay from Lunds universitet/Institutionen för elektro- och informationsteknik

Abstract: The main goal of this thesis is to find an effective way to fuzz trusted applications (TAs) whose source code is available and which run inside a trusted execution environment (TEE). While TAs have been fuzzed before, no prior work has been found that uses the source code of a TA to improve the fuzzing. Using the source code during fuzzing can increase code coverage compared to black-box fuzzing, and could therefore be more effective at testing the critical parts of the software. This might inspire others to develop similar fuzzing techniques for TAs running on OP-TEE or other TEEs.

The fuzzing target is the TA implementation of the Public-Key Cryptography Standards #11 (PKCS#11) currently developed by STMicroelectronics and Linaro. The TA is complex, and no documentation of any extensive security testing of the PKCS#11 TA has been found. Its source code is also publicly available, which certain fuzzing techniques can make use of to strengthen the fuzzing process. The focus of the project is not solely to fuzz the PKCS#11 TA specifically, but also to develop a method for fuzzing TAs in general. The goals of the project are summarized as follows:

• Implement a proof of concept for fuzzing a TA running on OP-TEE using a fuzzing technique that takes advantage of the available source code.
• Explore how to build an effective fuzzing harness that bridges the gap between the fuzzer's output and the input the target expects. The harness must also set up the state the target requires.

The solution provided in this thesis uses various external tools and projects to host the target TA, perform the fuzz testing and provide insight into the target. The fuzzing process is able to explore deeper into the target and report bugs, code coverage and other fuzzing-relevant information. However, certain problems highlighted in the project still need attention before the fuzzing experience is satisfactory. While the current state of the solution is not perfect, it is enough to serve as a proof of concept.
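The second goal above, a harness that translates raw fuzzer bytes into the structured commands a TA expects and that sets up the required state first, is illustrated by the following added example. It is not code from the thesis or from the PKCS#11 TA. The target is a hypothetical mock with a four-command interface and a "session must be open" rule, standing in for a real TA's invoke-command entry point; the record format `[cmd][len][payload]` and the names `mock_invoke`, `harness_run` and `harness_stats` are assumptions made here for illustration. The harness opens the session before replaying the fuzzer's commands so that the handlers behind the state check are reachable at all, and it stops cleanly on a truncated record rather than reading past the input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ---- Mock target --------------------------------------------------------
 * Hypothetical stand-in for a TA command entry point. It is NOT the PKCS#11
 * TA; it only reproduces the property that matters for the harness: most
 * commands are rejected unless a session has been opened first.            */

enum mock_cmd {
    MOCK_CMD_PING  = 0,   /* valid in any state              */
    MOCK_CMD_OPEN  = 1,   /* transitions to "session open"   */
    MOCK_CMD_WRITE = 2,   /* needs an open session           */
    MOCK_CMD_CLOSE = 3,   /* needs an open session           */
    MOCK_CMD_MAX   = 4
};

enum mock_result { MOCK_OK = 0, MOCK_BAD_STATE = 1, MOCK_BAD_PARAMS = 2 };

struct mock_ta {
    int session_open;
    uint8_t data[32];
    size_t data_len;
};

static enum mock_result mock_invoke(struct mock_ta *ta, uint8_t cmd,
                                    const uint8_t *in, size_t in_len)
{
    switch (cmd) {
    case MOCK_CMD_PING:
        return MOCK_OK;
    case MOCK_CMD_OPEN:
        if (ta->session_open)
            return MOCK_BAD_STATE;
        ta->session_open = 1;
        ta->data_len = 0;
        return MOCK_OK;
    case MOCK_CMD_WRITE:
        if (!ta->session_open)
            return MOCK_BAD_STATE;
        if (in_len > sizeof(ta->data))
            return MOCK_BAD_PARAMS;  /* the bounds check a fuzzer should hit */
        memcpy(ta->data, in, in_len);
        ta->data_len = in_len;
        return MOCK_OK;
    case MOCK_CMD_CLOSE:
        if (!ta->session_open)
            return MOCK_BAD_STATE;
        ta->session_open = 0;
        return MOCK_OK;
    default:
        return MOCK_BAD_PARAMS;
    }
}

/* ---- Harness ------------------------------------------------------------
 * Input grammar (chosen here, not from the thesis): a sequence of records
 *   [cmd: 1 byte][len: 1 byte][payload: len bytes]
 * A truncated trailing record ends the sequence. cmd is reduced modulo
 * MOCK_CMD_MAX so every byte maps to a real command and the fuzzer does not
 * spend its budget on "unknown command" rejections.                         */

struct harness_stats {
    unsigned executed;   /* records decoded and dispatched         */
    unsigned accepted;   /* dispatched calls that returned MOCK_OK */
    unsigned rejected;   /* returned BAD_STATE or BAD_PARAMS       */
};

/* Decodes `data` and drives the mock target; returns the number of
   commands dispatched and fills `st` with accept/reject counts. */
static unsigned harness_run(const uint8_t *data, size_t size,
                            struct harness_stats *st)
{
    struct mock_ta ta;
    size_t off = 0;

    memset(&ta, 0, sizeof(ta));
    memset(st, 0, sizeof(*st));

    /* State setup: open the session the target expects before replaying
       fuzzer-chosen commands, so the deeper handlers are reachable. */
    if (mock_invoke(&ta, MOCK_CMD_OPEN, NULL, 0) != MOCK_OK)
        return 0;

    while (off + 2 <= size) {
        uint8_t cmd = data[off] % MOCK_CMD_MAX;
        size_t len = data[off + 1];
        off += 2;
        if (len > size - off)
            break;                       /* truncated record: stop cleanly */
        enum mock_result r = mock_invoke(&ta, cmd, data + off, len);
        off += len;
        st->executed++;
        if (r == MOCK_OK)
            st->accepted++;
        else
            st->rejected++;
    }
    return st->executed;
}

/* libFuzzer entry point; a real build would link this against the TA
   (or a host build of it) instead of the mock above. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct harness_stats st;
    harness_run(data, size, &st);
    return 0;
}
```

The design point is that everything the fuzzer is allowed to vary (command order, payload lengths, payload bytes) is reachable from the byte array, while the one thing it must not vary (the session setup) is done by the harness. Without that setup, a coverage-guided fuzzer mostly exercises the "session not open" error path; with it, the mutations reach the handlers that actually parse input.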
