TÄMU: Emulating Trusted Applications at the (GlobalPlatform)-API Layer
Philipp Mao, Li Shi, Marcel Busch, Mathias Payer

TL;DR
TÄMU is a rehosting platform that enables dynamic analysis of Trusted Applications in TEEs by emulating their API layer, uncovering vulnerabilities and improving security testing across diverse mobile TEEs.
Contribution
It introduces TÄMU, a novel platform for dynamic analysis of TAs through API layer emulation, leveraging GlobalPlatform standards and high-level emulation techniques.
Findings
Discovered 17 zero-day vulnerabilities in 11 TAs
Emulated 67 TAs across four TEEs successfully
Enabled dynamic analysis where static analysis was previously dominant
Abstract
Mobile devices rely on Trusted Execution Environments (TEEs) to execute security-critical code and protect sensitive assets. This security-critical code is modularized in components known as Trusted Applications (TAs). Vulnerabilities in TAs can compromise the TEE and, thus, the entire system. However, the closed-source nature and fragmentation of mobile TEEs severely hinder dynamic analysis of TAs, limiting testing efforts to mostly static analyses. This paper presents TÄMU, a rehosting platform enabling dynamic analysis of TAs, specifically fuzzing and debugging, by interposing their execution at the API layer. To scale to many TAs across different TEEs, TÄMU leverages the standardization of TEE APIs, driven by the GlobalPlatform specifications. For the remaining TEE-specific APIs not shared across different TEEs, TÄMU introduces the notion of greedy high-level emulation, a…
Taxonomy
Topics: Security and Verification in Computing · Software Testing and Debugging Techniques · Advanced Malware Detection Techniques
