
Ensuring TEE security: common automated security testing


Christian DAMOUR, Head of Marketing – Security at FIME and Chair of the TEE Attack Expert Working Group




Standardized security certification of trusted execution environment (TEE) products is a big step forward. Accredited labs can already perform thorough security evaluations, and the process is set to become even quicker as part of the security review is automated.


Which security tests are being automated?


Common automated testing covers three classes of API tests: fuzzing, abuse testing and memory (de)allocation testing.


Why automate?


The goal of automated testing of the TEE API is to provide a common, repeatable basis for the vulnerability analysis of GlobalPlatform functionally compliant products. This will help focus the need for human involvement on vulnerability analysis, speeding up the security evaluation and time to market.


What are the goals for each of these automated tests?


  • TEE API fuzzing tests are used to check that the TEE withstands some invalid parameters that have been randomly chosen among a finite set, while preserving a secure state.

  • TEE API abuse tests are used to check that the TEE withstands some unusual command sequences and some invalid parameters while preserving a secure state.

  • TEE memory (de)allocation testing ensures that the TEE performs as expected when subjected to stress testing and memory saturation.
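
The fuzzing and abuse classes above, as an added example that is not from the original post or from any GlobalPlatform test suite: a harness drives a mock command interface with commands and parameters drawn at random from finite sets, in arbitrary order, and counts every call that leaves the mock outside its secure state. `mock_invoke`, the command numbers, the return codes and the `strict` switch are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical mock of a TEE command interface; not a GlobalPlatform API. */
enum { RC_OK, RC_BAD_PARAM, RC_BAD_STATE };
enum { ST_CLOSED, ST_OPEN };
enum { CMD_OPEN, CMD_WRITE, CMD_CLOSE };
struct mock_tee { int state, strict; uint8_t store[16]; };

static int mock_invoke(struct mock_tee *t, uint32_t cmd, const uint8_t *buf, uint32_t len) {
    switch (cmd) {
    case CMD_OPEN:
        if (t->state != ST_CLOSED) return RC_BAD_STATE;
        t->state = ST_OPEN; return RC_OK;
    case CMD_WRITE:
        if (buf == NULL || len == 0 || len > sizeof t->store) return RC_BAD_PARAM;
        if (t->strict && t->state != ST_OPEN) return RC_BAD_STATE; /* skipped when !strict */
        memcpy(t->store, buf, len); return RC_OK;
    case CMD_CLOSE:
        if (t->state != ST_OPEN) return RC_BAD_STATE;
        t->state = ST_CLOSED; memset(t->store, 0, sizeof t->store); return RC_OK;
    default: return RC_BAD_PARAM;
    }
}

static uint32_t rng_state;
static uint32_t rng_next(void) {               /* small LCG so every run is repeatable */
    rng_state = rng_state * 1664525u + 1013904223u;
    return rng_state >> 16;
}

/* Returns the number of violations observed over `rounds` random calls. */
int run_campaign(int strict, uint32_t seed, int rounds) {
    static const uint32_t cmds[] = { CMD_OPEN, CMD_WRITE, CMD_CLOSE, 3, 0xFFFFFFFFu };
    static const uint32_t lens[] = { 0, 16, 17, 0x7FFFFFFFu, 0xFFFFFFFFu }; /* only 16 is valid */
    static const uint8_t zero[16] = { 0 }, data[16] = { 0x41 };   /* constructed input */
    struct mock_tee t = { ST_CLOSED, strict, { 0 } };
    int violations = 0;
    rng_state = seed;
    for (int i = 0; i < rounds; i++) {
        uint32_t cmd = cmds[rng_next() % 5], len = lens[rng_next() % 5];
        const uint8_t *buf = (rng_next() & 1) ? data : NULL;
        int before = t.state;
        int rc = mock_invoke(&t, cmd, buf, len);
        if (cmd == CMD_WRITE && rc == RC_OK && (buf == NULL || len != 16 || before != ST_OPEN))
            violations++;                      /* invalid or out-of-sequence write accepted */
        if (cmd > CMD_CLOSE && rc == RC_OK) violations++;   /* unknown command accepted */
        if (t.state == ST_CLOSED && memcmp(t.store, zero, 16) != 0)
            violations++;                      /* data present outside a session */
    }
    return violations;
}
```

With `strict` set to 1 the campaign reports no violations; with `strict` set to 0 the missing session check is caught both as an accepted out-of-sequence write and as data left in the store while no session is open.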

The industry has come a long way in the last year, but there is still much to be done. This topic, and more, will be discussed on 13 October in Santa Clara. We look forward to seeing you there. Also, don’t forget to come to the FIME demonstration table to receive an introduction to our GlobalPlatform-qualified TEE test tool, Global Device.





 
