- Riscure (Martijn B) has created a fuzzer tool for OP-TEE. It has been successfully used to find a couple of potential security issues in OP-TEE.
- As of today the tool is quite invasive in terms of making changes to the current OP-TEE source code.
- In this session we would like to discuss whether there is anything we can do make the fuzzer code closer to upstream.
SAN19-225 Fuzzing embedded (trusted)
Joakim BechView website
Principal Engineer Security (Linaro)
Joakim has been a Linux user for about 15 years where he spent most of the time in his professional career working with security for embedded devices. The last five years he has been heading Security Working Group in Linaro who are working with various upstream projects related to Security where OP-TEE is one of the key projects for that group.
Senior Security Analyst at Riscure (Riscure)
Martijn Bogaard is a Senior Security Analyst at Riscure where he focuses most of his time on analyzing the security of low-level embedded software (bootloaders, operating systems) and is slowly expanding into embedded hardware security. Recent research interests include the effects of fault injection on software, TEE (in-)security and levering the hardware to attack software.