摘要
随着移动互联网的迅猛发展,TEE在移动终端上的应用也越发广泛,然而各种关于TEE的漏洞层出不穷,为可信应用的安全性埋下了隐患,因此从模糊测试技术的简要原理出发,介绍模糊测试技术应用在TEE安全测评中的可行性思路与实现。在实际的安全评测中,使用模糊测试技术在TEE安全评测中发现了不少潜在的问题,API模糊测试已成为TEE安全测评过程中必不可少的重要组成部分。
With the rapid development of mobile Internet, the Trusted Execution Environment (TEE) has been widely applied in mobile terminal devices. However, security issues of TEE grow continually resulting in the potential risk to the trusted application. Based on the principle of fuzz test, the feasible idea and implementation of fuzz test technology in the TEE security evaluation were introduced. In the actual security test, the use of fuzz test technology finds out some potential problems in the TEE security evaluation. API fuzz test becomes the indispensable component in the process of TEE security evaluation.
出处
《移动通信》
2017年第21期1-5,共5页
Mobile Communications
