(2023) Fuzzing Embedded Systems Using Debug Interfaces.
Text: issta23-gdbfuzz.pdf (1MB)
Abstract
Fuzzing embedded systems is hard. Their key components, microcontrollers, are highly diverse and cannot be easily virtualized; their software often may not be changed or instrumented. However, we observe that many, if not most, microcontrollers feature a debug interface through which a debug probe (typically controllable via GDB, the GNU debugger) can set a limited number of hardware breakpoints. Using these, we extract partial coverage feedback even for uninstrumented binary code, and thus enable effective fuzzing for embedded systems through a generic, widespread mechanism. In its evaluation on four different microcontroller boards, our prototype implementation, GDBFuzz, quickly reaches high code coverage and detects known and new vulnerabilities. As it can be applied to any program and system that GDB can debug, GDBFuzz is one of the least demanding and most versatile coverage-guided fuzzers.
| Field | Value |
|---|---|
| Item Type | Conference or Workshop Item (Paper) |
| Uncontrolled Keywords | embedded systems, firmware, security, automated software testing, fuzzing, GDB |
| Divisions | Andreas Zeller (Software Engineering, ST) |
| Conference | ISSTA International Symposium on Software Testing and Analysis |
| Depositing User | Max Eisele |
| Date Deposited | 17 May 2023 10:50 |
| Last Modified | 17 May 2023 10:50 |
| Primary Research Area | NRA3: Threat Detection and Defenses |
| URI | https://publications.cispa.saarland/id/eprint/3950 |