Visible to the public Debugger-driven Embedded Fuzzing

TitleDebugger-driven Embedded Fuzzing
Publication TypeConference Paper
Year of Publication2022
AuthorsEisele, Max
Conference Name2022 IEEE Conference on Software Testing, Verification and Validation (ICST)
Keywordscomposability, Computers, Conferences, Debugging, Embedded systems, fuzzing, Industries, Metrics, microcontrollers, pubcrawl, resilience, Resiliency, security testing
AbstractEmbedded Systems - the hidden computers in our lives - are deployed in the billionths and are already in the focus of attackers. They pose security risks when not tested and maintained thoroughly. In recent years, fuzzing has become a promising technique for automated security testing of programs, which can generate tons of test inputs for a program. Fuzzing is hardly applied to embedded systems, because of their high diversity and closed character. During my research I want tackle that gap in fuzzing embedded systems - short: "Embedded Fuzzing". My goal is to obtain insights of the embedded system during execution, by using common debugging interfaces and hardware breakpoints to enable guided fuzzing in a generic and widely applicable way. Debugging interfaces and hardware breakpoints are available for most common microcontrollers, generating a potential industry impact. Preliminary results show that the approach covers basic blocks faster than blackbox fuzzing. Additionally, it is source code agnostic and leaves the embedded firmware unaltered.
NotesISSN: 2159-4848
DOI10.1109/ICST53961.2022.00062
Citation Keyeisele_debugger-driven_2022