Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation

Zheng, Yaowen; Li, Yuekang; Zhang, Cen; Zhu, Hongsong; Liu, Yang; Sun, Limin

doi:10.1145/3533767.3534414

Cited by 25 publications

(46 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Examples of general-purpose embedded systems include Linux-based IoT devices and embedded Windows OS. Although many related studies [3,4,8,9] have focused on these systems because of their similarity with existing desktop programs, several challenges remain such as emulation instability and specific input generation for testing. Special-purpose embedded systems also have an OS.…”

Section: General-purpose Embedded Systems (Type-1)mentioning

confidence: 99%

“…In addition, because considerable firmware is similar to existing software, traditional software testing techniques can be easily applied to the firmware inside the emulation environment. Thus, many emulation frameworks [3][4][5][6][7][8][9] have demonstrated their practicality by combining the fuzzing technique that is effective in finding unexpected vulnerabilities and is capable of automatic analysis. Therefore, we designed and implemented an emulation framework that combines fuzzing as a testing technique.…”

Section: Introductionmentioning

confidence: 99%

“…However, firmware emulation studies have only focused on MIPS and ARM architectures. Firm-AFL [3], an augmented process emulation framework, can only emulate MIPS and ARM architectures, and P2IM [5] is an emulation framework specialized for modeling peripherals with support only for the analysis of ARM series architectures. Quick emulator (QEMU) [12] supports the emulation of some exotic firmware architectures, but operating QEMU [12] is a challenge because it supports manual emulation, not automation.…”

Section: Introductionmentioning

confidence: 99%

“…Third, most IoT programs should receive inputs that construct a fixed data format such as a packet. In Firm-AFL [3], keywords that reference values used for fuzzing have been collected using a manual analysis and subsequently passed to the fuzzer. This approach is expensive and requires considerable human resources.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing

Yu¹,

Kim²,

Lee³

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Internet of things (IoT) devices are being increasingly used in numerous areas. However, the low priority on security and various IoT types have made these devices vulnerable to attacks. To prevent this, recent studies have analyzed firmware in an emulation environment that does not require actual devices and is efficient for repeated experiments. However, these studies focused only on major firmware architectures and rarely considered exotic firmware. In addition, because of the diversity of firmware, the emulation success rate is not high in terms of large-scale analyses. In this study, we propose the adaptive emulation framework for multi-architecture (AEMA). In the field of automated emulation frameworks for IoT firmware testing, AEMA considers the following issues: (1) limited compatibility for exotic firmware architectures, (2) emulation instability when configuring an automated environment, and (3) shallow testing range resulting from structured inputs. To tackle these problems, AEMA can emulate not only major firmware architectures but also exotic firmware architectures not previously considered, such as Xtensa, ColdFire, and reduced instruction set computer (RISC) version five, by implementing a minority emulator. Moreover, we applied the emulation arbitration technique and input keyword extraction technique for emulation stability and efficient test case generation. We compared AEMA with other existing frameworks in terms of emulation success rates and fuzz testing. As a result, AEMA succeeded in emulating 864 out of 1,083 overall experimental firmware and detected vulnerabilities at least twice as fast as the experimental group. Furthermore, AEMA found a 0-day vulnerability in realworld IoT devices within 24 h.

show abstract

Section: General-purpose Embedded Systems (Type-1)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing

Yu¹,

Kim²,

Lee³

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…Vulnerability detection is an important yet far-from-settled issue. Including some conventional techniques such as static analysis [42][43][44][45], dynamic analysis [46][47][48][142][143][144][145][146][147] and symbolic execution [49,50], many advanced works have been made by applying machine learning-based approaches. In the early works [148][149][150], security experts usually hand-crafted features and took them as the input for machine learning algorithms for detection.…”

Section: Introductionmentioning

confidence: 99%

Learning program semantics via exploring program structures with deep learning

Meng¹

View full text Add to dashboard Cite

The contributions of the co-authors are as follows:• I was the lead author. I was responsible for writing the code, drafting the manuscript and conducting all experiments.• Prof. Gao and Prof. Chen helped to polish the manuscript drafts.• Mr Yiu helped to draft the related work section in the paper.• Prof. Liu discussed the idea and provided support for the research.Chapter 4 is published as Yaqin Zhou, Shangqing Liu, Jing Kai Siow, Xiaoning Du, Yang Liu. "Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks," Advances in Neural Information Pro-

show abstract

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryGreybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs, blindly extending code coverage is less efficient, especially for corner cases. Unlike coverage‐guided greybox fuzzing which increases code coverage in an undirected manner, directed greybox fuzzing (DGF) spends most of its time allocation on reaching specific targets (e.g. the bug‐prone zone) without wasting resources stressing unrelated parts. Thus, DGF is particularly suitable for scenarios such as patch testing, bug reproduction, and special bug detection. For now, DGF has become an active research area. However, DGF has general limitations and challenges that are worth further studying. Based on the investigation of 42 state‐of‐the‐art fuzzers that are closely related to DGF, we conducted the first in‐depth study to summarize the empirical evidence on the research progress of DGF. This paper studies DGF from a broader view, which takes into account not only the location‐directed type that targets specific code parts but also the behavior‐directed type that aims to expose abnormal program behaviors. By analyzing the benefits and limitations of DGF research, we try to identify gaps in current research, meanwhile, reveal new research opportunities and suggest areas for further investigation.

show abstract

Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation

Cited by 25 publications

References 33 publications

Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing

Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing

Learning program semantics via exploring program structures with deep learning

The progress, challenges, and perspectives of directed greybox fuzzing

Contact Info

Product

Resources

About