PSOFuzz: Fuzzing Processors with Particle Swarm Optimization

TL;DR

PSOFuzz employs a modified particle swarm optimization technique to dynamically guide hardware fuzzing, significantly accelerating vulnerability detection and coverage in processor designs.

Contribution

It introduces a novel PSO-based approach for dynamic mutation scheduling and seed generation, enhancing hardware fuzzing efficiency over traditional methods.

Findings

Achieves up to 15.25× speedup in vulnerability detection.

Attains up to 2.22× speedup in design coverage.

Outperforms existing fuzzers without PSO.

Abstract

Hardware security vulnerabilities in computing systems compromise the security defenses of not only the hardware but also the software running on it. Recent research has shown that hardware fuzzing is a promising technique to efficiently detect such vulnerabilities in large-scale designs such as modern processors. However, the current fuzzing techniques do not adjust their strategies dynamically toward faster and higher design space exploration, resulting in slow vulnerability detection, evident through their low design coverage. To address this problem, we propose PSOFuzz, which uses particle swarm optimization (PSO) to schedule the mutation operators and to generate initial input programs dynamically with the objective of detecting vulnerabilities quickly. Unlike traditional PSO, which finds a single optimal solution, we use a modified PSO that dynamically computes the optimal solution for selecting mutation operators required to explore new design regions in hardware. We also address the challenge of inefficient initial seed generation by employing PSO-based seed generation. Including these optimizations, our final formulation outperforms fuzzers without PSO. Experiments show that PSOFuzz achieves up to 15.25$\times$ speedup for vulnerability detection and up to 2.22$\times$ speedup for coverage compared to the state-of-the-art simulation-based hardware fuzzer.