Abstract

The root cause of the insecurity of smart devices is the vulnerabilities hidden in them. There are many approaches for finding potential bugs in smart devices. Fuzzing is the most effective vulnerability-finding technique, especially coverage-guided fuzzing. A coverage-guided fuzzer identifies high-quality seeds according to the code coverage triggered by those seeds. Existing coverage-guided fuzzers assume that the higher the code coverage of a seed, the greater the probability of triggering potential bugs. However, in real-world applications running on smart devices, or in the operating system of the smart device, the logic of these programs is very complex: basic blocks of these programs play different roles in the process of application exploration. This observation is ignored by existing seed selection strategies, which reduces the efficiency of bug discovery on smart devices. In this paper, we propose contribution-aware coverage-guided fuzzing, which estimates the contribution of each basic block to the process of smart device exploration. According to the control flow of the target on any smart device and the runtime information gathered during the fuzzing process, we define the static contribution of a basic block and a dynamic contribution built on the execution frequency of each block. The contribution-aware optimization does not require any prior knowledge of the target device, so it applies to both gray-box fuzzing and white-box fuzzing. We designed and implemented a contribution-aware coverage-guided fuzzer for smart devices, called StFuzzer. We evaluated StFuzzer on four real-world applications that are commonly deployed on smart devices to demonstrate the efficiency of our contribution-aware optimization. The results of our trials show that the contribution-aware approach significantly improves the capability of bug discovery and achieves better execution speed than state-of-the-art fuzzers.
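The seed-scoring idea the abstract describes, as an added illustration that is not StFuzzer's own code: each basic block gets a static contribution derived from the control-flow graph and a dynamic contribution derived from how often it has already executed, and a seed is ranked by the sum over the blocks it covers rather than by the bare block count. The concrete formulas (reachable-block count for the static part, inverse execution frequency for the dynamic part), the CFG, the frequencies and the seeds are all constructed assumptions for this example.

```python
from collections import deque

# Constructed example CFG (block -> successor blocks) for a hypothetical
# input handler on a device; not taken from the paper.
CFG = {
    "entry": ["parse", "usage"], "usage": ["exit"],
    "parse": ["validate", "error"], "validate": ["decode", "error"],
    "decode": ["handle", "error"], "handle": ["exit"],
    "error": ["log", "exit"], "log": ["cleanup"], "cleanup": ["exit"],
    "exit": [],
}

# Constructed runtime state: how often each block has run so far.
# The error path is hot; the deeper parsing blocks are rarely reached.
EXEC_FREQ = {"entry": 1000, "parse": 1000, "error": 990, "log": 990,
             "cleanup": 990, "exit": 1000, "validate": 10, "decode": 2,
             "handle": 1, "usage": 0}

# Constructed seeds and the blocks each seed's execution traced.
SEEDS = {
    "seed_a": ["entry", "parse", "error", "log", "cleanup", "exit"],
    "seed_b": ["entry", "parse", "validate", "error", "exit"],
}

def static_contribution(cfg, block):
    """Assumed static metric: number of blocks reachable from `block` in the
    CFG (BFS), i.e. how much of the program this block opens up."""
    seen, queue = {block}, deque([block])
    while queue:
        for succ in cfg[queue.popleft()]:
            if succ not in seen:
                seen.add(succ)
                queue.append(succ)
    return len(seen) - 1  # exclude the block itself

def dynamic_contribution(freq):
    """Assumed dynamic metric: a block that has already executed often
    contributes little when a seed merely re-executes it."""
    return 1.0 / (1 + freq)

def seed_score(cfg, covered, exec_freq):
    """Contribution-aware seed quality: static contribution of every covered
    block, weighted by its dynamic contribution."""
    return sum(static_contribution(cfg, b) * dynamic_contribution(exec_freq.get(b, 0))
               for b in covered)

def rank_by_contribution(cfg, seeds, exec_freq):
    return sorted(seeds, key=lambda s: seed_score(cfg, seeds[s], exec_freq), reverse=True)

def rank_by_coverage(seeds):
    """Baseline used by existing fuzzers: plain count of covered blocks."""
    return sorted(seeds, key=lambda s: len(seeds[s]), reverse=True)

def record_execution(exec_freq, covered):
    """Update block frequencies after a seed runs, so contributions decay."""
    for b in covered:
        exec_freq[b] = exec_freq.get(b, 0) + 1
```

With these inputs the coverage baseline prefers seed_a (six hot blocks) while the contribution metric prefers seed_b, because seed_b reaches the rarely executed `validate` block from which most of the program is still reachable.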

Highlights

  • Various smart devices have been installed in many situations. The security of smart devices is essential to ensure their normal functions. The root cause of any attack is the potential vulnerabilities in smart devices

  • If the fuzzing process captures an exception, it means that a vulnerability has been triggered by a test case. The fuzzing technique can be classified as generation-based and mutation-based. Generation-based fuzzing relies on grammar constraints to generate random inputs, such as Peach [6]

  • We provide a contribution metric based on the control flow and runtime information, which quantifies the contribution of basic blocks to exploring applications. The approach only utilizes the control flow information of target applications and does not use sophisticated data flow analysis


Summary

Introduction

Various smart devices have been installed in many situations. The security of smart devices is essential to ensure their normal functions. The root cause of any attack is the potential vulnerabilities in smart devices. There are many automatic approaches to identify bugs in applications or devices, such as taint analysis, symbolic execution, or fuzzing. Fuzzing is the most effective vulnerability identification technology; it feeds various random data to the target application in the hope of reaching a dangerous execution state. A mutated file used as a test case will typically cause the target application to stop in a shallow execution state. Fuzzing is an automatic software testing technique that inputs random data into the target application and expects the target to raise exceptions. Since generation-based fuzzers require grammar constraints for the corresponding input format, generation-based fuzzing is not universally applicable. Mutation-based fuzzers mutate seeds of the initial corpus to generate test cases, which are fed to the target application for execution. Mutation-based fuzzers do not require configuration files for different target applications, which makes this technology more versatile
