Fuzzing Embedded Systems using Debug Interfaces

Cited by: 5
Authors
Eisele, Max [1 ,2 ]
Ebert, Daniel [1 ]
Huth, Christopher [1 ]
Zeller, Andreas [3 ]
Affiliations
[1] Robert Bosch GmbH, Renningen, Germany
[2] Saarland Univ, Saarbrucken, Germany
[3] CISPA Helmholtz Ctr Informat Secur, Saarbrucken, Germany
Source
PROCEEDINGS OF THE 32ND ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS, ISSTA 2023 | 2023
Keywords
embedded systems; firmware; security; automated software testing; fuzzing; GDB; GNU;
DOI
10.1145/3597926.3598115
Chinese Library Classification
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
Fuzzing embedded systems is hard. Their key components - microcontrollers - are highly diverse and cannot be easily virtualized; their software may not be changed or instrumented. However, we observe that many, if not most, microcontrollers feature a debug interface through which a debug probe (typically controllable via GDB, the GNU debugger) can set a limited number of hardware breakpoints. Using these, we extract partial coverage feedback even for uninstrumented binary code; and thus enable effective fuzzing for embedded systems through a generic, widespread mechanism. In its evaluation on four different microcontroller boards, our prototypical implementation GDBFuzz quickly reaches high code coverage and detects known and new vulnerabilities. As it can be applied to any program and system that GDB can debug, GDBFuzz is one of the least demanding and most versatile coverage-guided fuzzers.
Pages: 1031 / 1042
Page count: 12