针对ARM安全监视器的模糊测试方法研究

Research on Fuzz Testing Method for ARM Secure Monitor

在基于TrustZone的可信执行环境中,ARM安全监视器作为核心组件运行于最高特权级,并且在不同供应商之间通用,其可靠性是整个系统安全性的基础。然而,目前缺乏对安全监视器进行自动化测试的方法,因此提出了一种对ARM的安全监视器进行覆盖率引导的模糊测试方法。该方法首先将调用参数分为三类,针对不同参数类型采用不同的处理方法,处理后的调用信息按照预设的文件格式存储,生成初始的种子文件库。其次,结合调用信息,将种子文件分块处理,实现结构化变异。此外,在用户系统环境中添加代理和驱动程序,实现对测试用例的解析和执行。在安全监视器的开源项目上评估了该测试方法,发现了5个唯一性崩溃。该评估表明,模糊测试是测试ARM安全监视器的一种可行且有益的方法。

In a TrustZone-based trusted execution environment,the ARM secure monitor runs as a core component at the highest privilege level.It is commonly used across different vendors,making its reliability the foundation of the entire system's security.However,there is currently a lack of automated testing methods for the secure monitor.Therefore,this paper proposes a coverage-guided fuzz testing method for the ARM secure monitor.This method first categorizes the calling parameters into three types,uses different processing methods for each type and stores the processed calling information in a preset file format to generate the initial seed corpus.Then,combined with the calling information,the seed files are segmented and structurally mutated.An agent and driver program are added to the user system environment to parse and execute test cases.This paper implements the proposed method and evaluates it on an open-source secure monitor project,resulting in the discovery of five unique crashes.The findings demonstrate that fuzz testing is a feasible and beneficial approach for testing the ARM secure monitor.