Embedded Systems – the hidden computers in our lives – are deployed in the billionths and are already in the focus of attackers. They pose security risks when not tested and maintained thoroughly. In recent years, fuzzing has become a
promising technique for automated security testing of programs, which can generate tons of test inputs for a program. Fuzzing is hardly applied to embedded systems, because of their high diversity and closed character. During my research I want tackle that gap in fuzzing embedded systems – short: “Embedded Fuzzing”. My goal is to obtain insights of the embedded system during execution, by using common debugging interfaces and hardware breakpoints to enable guided fuzzing in a generic and widely applicable way. Debugging interfaces and hardware breakpoints are available for most common microcontrollers, generating a potential industry impact. Preliminary results show that the approach covers basic blocks faster than blackbox fuzzing. Additionally, it is source code agnostic and leaves the
embedded firmware unaltered.
History
Preferred Citation
Max Eisele. Debugger-driven Embedded Fuzzing. In: International Conference on Software Testing, Verification and Validation (ICST). 2022.
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
International Conference on Software Testing, Verification and Validation (ICST)
Legacy Posted Date
2023-07-07
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_3982,
title = "Debugger-driven Embedded Fuzzing",
author = "Eisele, Max",
booktitle="{International Conference on Software Testing, Verification and Validation (ICST)}",
year="2022",
}