SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices

Qinying Wang, Boyu Chang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao

IEEE Symposium on Security and Privacy 2024 · Day 2 · Continental Ballroom 4

The rapid proliferation of Internet of Things (IoT) devices has made robust protection of sensitive data and operations essential. Trusted Execution Environments (TEEs) have become a cornerstone of IoT security: they provide an isolated space for security-critical applications and data, shielded from attacks originating in the untrusted "normal world." The security of the **Trusted Operating System (TOS)**, the foundational component inside the TEE, is therefore paramount: a vulnerability in the TOS can compromise the entire secure environment, leading to system-wide crashes, data leakage, or even full control of the device by an attacker.

AI review

SyzTrust presents a groundbreaking state-aware fuzzing framework specifically engineered for resource-constrained IoT Trusted Operating Systems. Its novel hardware-in-the-loop design and state inference techniques enabled the discovery of 70 zero-days and 19 high-severity CVEs in commercial TEEs, demonstrating a critical advancement in securing foundational IoT components. This is real work, solving a hard problem with significant real-world impact.
