Research on Fuzz Testing Method for ARM Secure Monitor
In a TrustZone-based trusted execution environment, the ARM secure monitor runs as a core component at the highest privilege level. It is commonly used across different vendors, making its reliability the foundation of the entire system's security. However, there is currently a lack of automated testing methods for the secure monitor. Therefore, this paper proposes a coverage-guided fuzz testing method for the ARM secure monitor. This method first categorizes the calling parameters into three types, uses a different processing method for each type, and stores the processed calling information in a preset file format to generate the initial seed corpus. Then, combined with the calling information, the seed files are segmented and structurally mutated. An agent and a driver program are added to the user system environment to parse and execute test cases. This paper implements the proposed method and evaluates it on an open-source secure monitor project, resulting in the discovery of five unique crashes. The findings demonstrate that fuzz testing is a feasible and beneficial approach for testing the ARM secure monitor.
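The seed-file segmentation and type-aware structural mutation described in the abstract, as an added illustration that is not the paper's code: the record layout, the three parameter categories (VALUE, ADDRESS, SIZE) and the placeholder function ID are assumptions, since the abstract does not define them.

```python
import random
import struct

# Assumed parameter categories; the abstract names three types but does not define them.
VALUE, ADDRESS, SIZE = 0, 1, 2
MAGIC = b"SMC1"  # assumed seed-file header
MASK64 = (1 << 64) - 1

def pack_seed(func_id, args):
    """Serialize one call record: magic, u32 function ID, u8 count, then (u8 type, u64 value) per argument."""
    out = MAGIC + struct.pack("<IB", func_id, len(args))
    for kind, val in args:
        out += struct.pack("<BQ", kind, val & MASK64)
    return out

def parse_seed(data):
    """Segment a seed file back into its function ID and typed argument fields."""
    if data[:4] != MAGIC:
        raise ValueError("not a seed file")
    func_id, count = struct.unpack_from("<IB", data, 4)
    args, off = [], 9
    for _ in range(count):
        kind, val = struct.unpack_from("<BQ", data, off)
        args.append((kind, val))
        off += 9
    return func_id, args

def mutate_arg(kind, val, rng):
    """Type-aware mutation: each category gets strategies that keep the field plausible for the monitor."""
    if kind == VALUE:
        return rng.choice([val ^ (1 << rng.randrange(64)), 0, MASK64, rng.getrandbits(64)])
    if kind == ADDRESS:
        # nudge the pointer by word or page offsets but keep 8-byte alignment
        delta = rng.choice([-8, 8, -0x1000, 0x1000, 0x10000])
        return (val + delta) & (MASK64 ^ 0x7)
    # SIZE: off-by-one and overflow-prone lengths
    return rng.choice([0, val + 1, max(val - 1, 0), 0xFFFFFFFF, 1 << 63])

def mutate_seed(data, seed=0):
    """Structural mutation: parse, change exactly one argument field, re-serialize."""
    rng = random.Random(seed)
    func_id, args = parse_seed(data)
    i = rng.randrange(len(args))
    kind, val = args[i]
    args[i] = (kind, mutate_arg(kind, val, rng))
    return pack_seed(func_id, args)

# Constructed sample: placeholder function ID, a buffer address, its length, and a flag value.
SAMPLE_SEED = pack_seed(0xC2000001, [(ADDRESS, 0x40001000), (SIZE, 0x100), (VALUE, 1)])
```

Because the mutator re-serializes through `pack_seed`, every mutated file still parses, which is what lets a driver in the user environment execute it without a format check of its own.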