Multi-target Coverage-based Greybox Fuzzing
Masami Ichikawa

TL;DR
This paper introduces MTCFuzz, a novel greybox fuzzing approach that explores multiple cooperating system components like firmware and OS simultaneously, enhancing vulnerability detection in complex system architectures.
Contribution
It proposes a multi-target coverage-based fuzzing method that leverages code coverage from multiple components, implemented in a virtualized environment for unified execution.
Findings
Improved code coverage across system components.
Enhanced vulnerability discovery in firmware and OS.
Effective fuzzing in RISC-V and ARM architectures.
Abstract
In recent years, fuzzing has been widely applied not only to application software but also to system software, including the Linux kernel and firmware, and has become a powerful technique for vulnerability discovery. Among these approaches, coverage-based grey-box fuzzing, which utilizes runtime code coverage information, has become the dominant methodology. Conventional fuzzing techniques primarily target a single software component and have paid little attention to cooperative execution with other software. However, modern system software architectures commonly consist of firmware and an operating system that operate cooperatively through well-defined interfaces, such as OpenSBI in the RISC-V architecture and OP-TEE in the ARM architecture. In this study, we investigate fuzzing techniques for architectures in which an operating system and firmware operate cooperatively. In particular,…
Taxonomy
Topics: Software Testing and Debugging Techniques · Software Reliability and Analysis Research · Security and Verification in Computing
