Embedded fuzzing: a review of challenges, tools, and solutions

Eisele, Max; Maugeri, M.; Shriwas, Rachna; Huth, Christopher; Bella, Giampaolo

doi:10.1186/s42400-022-00123-y

Cited by 12 publications

(2 citation statements)

References 42 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fuzzing is a technique for automatically discovering vulnerabilities in software by submitting some arbitrary combination of inputs to the test target to reveal how it responds [8,21]. Historically, first introduced by Barton Miller [22], fuzzing has since been used extensively and in diverse ways towards identifying various vulnerabilities in numerous kinds of software [9].…”

Section: Fuzzingmentioning

confidence: 99%

StructuredFuzzer: Fuzzing Structured Text-Based Control Logic Applications

Koffi,

Kampourakis,

Song

et al. 2024

Electronics

View full text Add to dashboard Cite

Rigorous testing methods are essential for ensuring the security and reliability of industrial controller software. Fuzzing, a technique that automatically discovers software bugs, has also proven effective in finding software vulnerabilities. Unsurprisingly, fuzzing has been applied to a wide range of platforms, including programmable logic controllers (PLCs). However, current approaches, such as coverage-guided evolutionary fuzzing implemented in the popular fuzzer American Fuzzy Lop Plus Plus (AFL++), are often inadequate for finding logical errors and bugs in PLC control logic applications. They primarily target generic programming languages like C/C++, Java, and Python, and do not consider the unique characteristics and behaviors of PLCs, which are often programmed using specialized programming languages like Structured Text (ST). Furthermore, these fuzzers are ill suited to deal with complex input structures encapsulated in ST, as they are not specifically designed to generate appropriate input sequences. This renders the application of traditional fuzzing techniques less efficient on these platforms. To address this issue, this paper presents a fuzzing framework designed explicitly for PLC software to discover logic bugs in applications written in ST specified by the IEC 61131-3 standard. The proposed framework incorporates a custom-tailored PLC runtime and a fuzzer designed for the purpose. We demonstrate its effectiveness by fuzzing a collection of ST programs that were crafted for evaluation purposes. We compare the performance against a popular fuzzer, namely, AFL++. The proposed fuzzing framework demonstrated its capabilities in our experiments, successfully detecting logic bugs in the tested PLC control logic applications written in ST. On average, it was at least 83 times faster than AFL++, and in certain cases, for example, it was more than 23,000 times faster.

show abstract

Section: Fuzzingmentioning

confidence: 99%

StructuredFuzzer: Fuzzing Structured Text-Based Control Logic Applications

Koffi,

Kampourakis,

Song

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

“…In addition to surveys on common fuzzing, there are also surveys focused on subclasses of fuzzing. Eisele et al reviewed the fuzzing approaches for embedded systems [120]. They gave a formal definition of embedded fuzzing and grouped the approaches according to how the execution environment is served to the system under test.…”

Section: Related Workmentioning

confidence: 99%

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryGreybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs, blindly extending code coverage is less efficient, especially for corner cases. Unlike coverage‐guided greybox fuzzing which increases code coverage in an undirected manner, directed greybox fuzzing (DGF) spends most of its time allocation on reaching specific targets (e.g. the bug‐prone zone) without wasting resources stressing unrelated parts. Thus, DGF is particularly suitable for scenarios such as patch testing, bug reproduction, and special bug detection. For now, DGF has become an active research area. However, DGF has general limitations and challenges that are worth further studying. Based on the investigation of 42 state‐of‐the‐art fuzzers that are closely related to DGF, we conducted the first in‐depth study to summarize the empirical evidence on the research progress of DGF. This paper studies DGF from a broader view, which takes into account not only the location‐directed type that targets specific code parts but also the behavior‐directed type that aims to expose abnormal program behaviors. By analyzing the benefits and limitations of DGF research, we try to identify gaps in current research, meanwhile, reveal new research opportunities and suggest areas for further investigation.

show abstract

Standardization in the Transformation of Civic Systems Using Safe and Secure Internet of Things Systems

Jadhav

2023

Signals and Communication Technology

View full text Add to dashboard Cite

Embedded fuzzing: a review of challenges, tools, and solutions

Cited by 12 publications

References 42 publications

StructuredFuzzer: Fuzzing Structured Text-Based Control Logic Applications

StructuredFuzzer: Fuzzing Structured Text-Based Control Logic Applications

The progress, challenges, and perspectives of directed greybox fuzzing

Standardization in the Transformation of Civic Systems Using Safe and Secure Internet of Things Systems

Contact Info

Product

Resources

About