Overview
Explore a comprehensive talk on fuzzing Trusted Execution Environments (TEEs) in embedded systems using AFL (American Fuzzy Lop). Delve into the increasing complexity and potential vulnerabilities of TEEs as they take on more security-critical tasks. Learn about a syzkaller-inspired fuzzing framework for OP-TEE that utilizes an unmodified version of AFL with coverage tracking integrated into the TEE kernel. Discover the challenges of fuzzing a non-virtualized trusted operating system on an actual device and how to overcome them. Gain insights into creating effective initial inputs for AFL seeding. Understand how this approach can be applied to various trusted operating systems beyond OP-TEE. Presented by Martijn Bogaard, a Senior Security Analyst at Riscure, this talk offers valuable knowledge for those interested in embedded systems security, hardware security, and low-level software analysis.
Syllabus
Fuzzing Embedded (Trusted) Operating Systems Using AFL | Martijn Bogaard | nullcon Goa 2019
Taught by
nullcon