
Fuzzing Embedded Systems Using Debug Interfaces

Conference contribution, posted on 2023-11-29, 18:24, authored by Max Eisele, Daniel Ebert, Christopher Huth, Andreas Zeller
Fuzzing embedded systems is hard. Their key components - microcontrollers - are highly diverse and cannot be easily virtualized; their software may not be changed or instrumented. However, we observe that many, if not most, microcontrollers feature a debug interface through which a debug probe (typically controllable via GDB, the GNU debugger) can set a limited number of hardware breakpoints. Using these, we extract partial coverage feedback even for uninstrumented binary code; and thus enable effective fuzzing for embedded systems through a generic, widespread mechanism. In its evaluation on four different microcontroller boards, our prototypical implementation GDBFuzz quickly reaches high code coverage and detects known and new vulnerabilities. As it can be applied to any program and system that GDB can debug, GDBFuzz is one of the least demanding and most versatile coverage-guided fuzzers.

History

Preferred Citation

Max Eisele, Daniel Ebert, Christopher Huth and Andreas Zeller. Fuzzing Embedded Systems Using Debug Interfaces. In: International Symposium on Software Testing and Analysis (ISSTA). 2023.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

International Symposium on Software Testing and Analysis (ISSTA)

Legacy Posted Date

2023-05-17

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3950,
  title = "Fuzzing Embedded Systems Using Debug Interfaces",
  author = "Eisele, Max and Ebert, Daniel and Huth, Christopher and Zeller, Andreas",
  booktitle = "{International Symposium on Software Testing and Analysis (ISSTA)}",
  year = "2023",
}
