Abstract
With the rapid development of network security and the frequent appearance of CPU vulnerabilities, CPU security has gradually attracted great attention and become a crucial issue in the computer field. Undocumented instructions, one of the important threats to system security, are an important entry point for CPU security research. Fuzzing can automatically test the CPU instruction set and discover potential undocumented instructions, but existing methods suffer from slow search speed and low accuracy. Therefore, this paper designs an efficient fuzzing method (UISFuzz) for undocumented instruction searching. The method has the following merits: (1) instruction search speed is greatly improved by automatic instruction format recognition, which skips the low-efficiency part of the known instruction format and thereby greatly narrows the instruction search space; (2) the false positive rate is reduced by a recheck mechanism that uses an expert knowledge database to filter out wrongly found instructions; (3) the overhead of the method is decreased by optimizing the result analysis program, which expands the scope of the system so that more lower-performance processors are compatible. Experimental results on typical CPUs show that UISFuzz can successfully find undocumented instructions in the CPUs while improving time efficiency by 5 times compared with existing tools.
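An added illustration, not code from the paper or from UISFuzz: a toy model of the two ideas the abstract names, skipping operand bytes once an instruction's format is recognised and rechecking hits against a knowledge base. The ISA, the `CPU` and `MANUAL` tables, the `KNOWLEDGE_DB` entry and all function names are constructed assumptions, and a table lookup stands in for real execution.

```python
# Toy model only: a constructed 1-byte-opcode ISA, not x86 and not UISFuzz's code.
from itertools import product

ALPHABET = range(32)   # reduced byte range keeps the brute-force run small
WIDTH = 3              # longest toy instruction: opcode + 2 operand bytes
# Constructed "silicon": opcode -> operand bytes consumed ("M" = format chosen
# by the second byte). 0x0F and 0x10 execute but are absent from the toy manual.
CPU = {0x01: 0, 0x02: 1, 0x03: 2, 0x04: "M", 0x0F: 1, 0x10: 0}
MANUAL = {0x01: 0, 0x02: 1, 0x03: 2, 0x04: "M"}
# Assumed knowledge-base entry: 0x10 is a known alias the disassembler misses.
KNOWLEDGE_DB = {0x10}

def _length(table, code):
    n = table.get(code[0])
    if n == "M":                       # second byte selects the operand size
        n = 1 if code[1] < 16 else 2
    return None if n is None else 1 + n

def is_anomaly(code):
    """True when the toy CPU accepts bytes the toy manual decodes differently."""
    executed, documented = _length(CPU, code), _length(MANUAL, code)
    return executed is not None and executed != documented

def brute_force():
    """Probe every WIDTH-byte string; return (anomalous opcodes, probe count)."""
    found, probes = set(), 0
    for code in product(ALPHABET, repeat=WIDTH):
        probes += 1
        if is_anomaly(code):
            found.add(code[0])
    return found, probes

def format_aware():
    """Probe two operand fillings per opcode; skip operands if the length is stable."""
    found, probes = set(), 0
    for op in ALPHABET:
        lo, hi = (op, 0, 0), (op, 31, 31)
        probes += 2
        if _length(CPU, lo) == _length(CPU, hi):   # operands do not alter the format
            if is_anomaly(lo):
                found.add(op)
            continue
        for rest in product(ALPHABET, repeat=WIDTH - 1):   # format varies: enumerate
            probes += 1
            if is_anomaly((op, *rest)):
                found.add(op)
    return found, probes

def recheck(found):
    """Drop candidates the knowledge base already explains (false positives)."""
    return sorted(found - KNOWLEDGE_DB)
```

In this model both searches report the same two opcodes, but the format-aware pass needs 1,088 probes against 32,768 for brute force, and the recheck leaves only `0x0F`.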
Highlights
With the rapid development of the electronics economy (for example, e-wallets, encrypted virtual currency and mobile payments), information technology has become strongly tied to the economy and business [1].
Zhu et al. [1] proposed the CPU Security Benchmark and mentioned that their undocumented instruction search tool was improved compared to Sandsifter.
Summary
With the rapid development of the electronics economy (for example, e-wallets, encrypted virtual currency and mobile payments), information technology has become strongly tied to the economy and business [1]. Existing research on CPU undocumented instruction search is still insufficient.
X. Li et al.: UISFuzz: Efficient Fuzzing Method for CPU Undocumented Instruction Searching
to find its vulnerability or backdoors. This chapter is divided into two parts: (1) the history of CPU vulnerabilities and backdoors; (2) research on security testing of software and CPUs.
2) RESEARCHES FOR SECURITY TEST OF SOFTWARE AND CPU
There are many methods to discover vulnerabilities and backdoors in software, which can be divided into two categories: program static vulnerability analysis techniques and dynamic vulnerability analysis techniques [41]. Zhu et al. [1] proposed the CPU Security Benchmark and mentioned that their undocumented instruction search tool was improved compared to Sandsifter.
B. OUR CONTRIBUTION
To meet the requirements of CPU security testing, this paper designs and implements an efficient fuzzing method (UISFuzz) for CPU undocumented instruction searching. In actual testing on various typical CPUs, the speed was 5 times faster than the existing methods.