Date of Award

Fall 2024

Project Type

Thesis

Program or Major

Electrical and Computer Engineering

Degree Name

Master of Science

First Advisor

Dean Sullivan

Second Advisor

John R. LaCourse

Third Advisor

Diliang Chen

Abstract

Trusted Execution Environments (TEEs) are essential for secure computing across mobile devices, cloud platforms, and IoT, yet they remain vulnerable to exploits. This thesis presents a novel approach to enhancing TEE security through automated vulnerability classification and advanced fuzzing techniques. The research first introduces an innovative methodology for classifying vulnerabilities into Trusted Applications (TA), TrustZone Operating Systems (TZOS), and general categories using machine learning algorithms such as Random Forest, J48, Naive Bayes, Multilayer Perceptron, and Support Vector Machines. Evaluating these on a dataset of 750 vulnerabilities from the NIST database demonstrates accurate characterization and improved efficiency over manual methods. The second part applies advanced fuzzing techniques, as shown in CROWBAR and LightEMU case studies, effectively uncovering vulnerabilities independent of TrustZone hardware and software. This integrated approach enhances TEE security by reducing undetected vulnerabilities by 30\%, providing stakeholders with actionable data for system maintenance, and offering applications in industries like automotive, healthcare, and financial services.

Share

COinS