[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-31239":3,"doc-seo-31239":26},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"file_id":15,"file_url":16,"file_type":17,"file_size":18,"view_count":4,"is_deleted":4,"is_public":19,"is_downloadable":19,"audit_status":19,"page_count":20,"language":21,"table_of_contents":22,"faqs":23,"seo_title":13,"seo_description":14,"update_tm":24,"read_time":25},31239,5909877438554,"Maeve","https://ap-avatar.wpscdn.com/avatar/5600025385ad2bf12a7?_k=1778553567797529272",8,"Research & Report","Fuzzing Trusted Execution Environments with Rust","Fuzzing is a software testing technique that discovers bugs by executing target programs with randomly generated inputs, exposing abnormal behaviors such as crashes. This paper presents a fuzzing framework built to test Trusted Execution Environments (TEEs). The approach translates fuzzer outputs into sequences of system calls and seeds the fuzzer via reverse translation from code snippets using a single API specification. Iterative API specification traversal, dependency inspection, and judicious object reuse strengthen bug-finding capability. A Rust proc macro processes the API, while a customized QEMU enables efficient stateful TEE execution, evaluated on OP-TEE with multiple configurations.","cbCaid0JWUUZRSr9","https://ap.wps.com/l/cbCaid0JWUUZRSr9","pdf",720258,1,17,"English","# Abstract\n# Introduction\n## Trusted Execution Environment\n## Fuzzing\n## The Rust programming language","[{\"question\":\"What is the goal of fuzzing in this paper?\",\"answer\":\"The goal is to uncover bugs by running a target with random inputs and observing abnormal behaviors such as crashes or other violations.\"},{\"question\":\"How does the framework use Rust in its fuzzing workflow?\",\"answer\":\"Rust powers both a two-way code generation process—converting fuzzer outputs to system-call sequences and performing reverse translation to seed the fuzzer—while a Rust proc macro processes the API specification.\"},{\"question\":\"Why is QEMU customized for testing TEEs?\",\"answer\":\"The customization enables efficient stateful execution of TEEs during fuzzing so the system can maintain and transition execution state reliably.\"}]",1779224486,43,{"code":4,"msg":27,"data":28},"ok",{"site_id":29,"language":30,"slug":31,"title":13,"keywords":32,"description":14,"schema_data":33,"social_meta":84,"head_meta":86,"extra_data":88,"updated_unix":24},105,"en","fuzzing-trusted-execution-environments-with-rust","",{"@graph":34,"@context":83},[35,52,66],{"@type":36,"itemListElement":37},"BreadcrumbList",[38,42,46,49],{"item":39,"name":40,"@type":41,"position":19},"https://docshare.wps.com","Home","ListItem",{"item":43,"name":44,"@type":41,"position":45},"https://docshare.wps.com/document/","Document",2,{"item":47,"name":12,"@type":41,"position":48},"https://docshare.wps.com/document/research-report/",3,{"item":50,"name":13,"@type":41,"position":51},"https://docshare.wps.com/document/fuzzing-trusted-execution-environments-with-rust/31239/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"description":14,"dateModified":60,"datePublished":60,"encodingFormat":59,"isAccessibleForFree":61,"interactionStatistic":62},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":39,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-05-19",true,{"@type":63,"interactionType":64,"userInteractionCount":4},"InteractionCounter",{"@type":65},"ViewAction",{"@type":67,"mainEntity":68},"FAQPage",[69,75,79],{"name":70,"@type":71,"acceptedAnswer":72},"What is the goal of fuzzing in this paper?","Question",{"text":73,"@type":74},"The goal is to uncover bugs by running a target with random inputs and observing abnormal behaviors such as crashes or other violations.","Answer",{"name":76,"@type":71,"acceptedAnswer":77},"How does the framework use Rust in its fuzzing workflow?",{"text":78,"@type":74},"Rust powers both a two-way code generation process—converting fuzzer outputs to system-call sequences and performing reverse translation to seed the fuzzer—while a Rust proc macro processes the API specification.",{"name":80,"@type":71,"acceptedAnswer":81},"Why is QEMU customized for testing TEEs?",{"text":82,"@type":74},"The customization enables efficient stateful execution of TEEs during fuzzing so the system can maintain and transition execution state reliably.","https://schema.org",{"og:url":50,"og:type":85,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":87,"canonical":50},"index,follow",{"doc_id":7,"site_id":29}]