FuzzBox: Blending Fuzzing into Emulation for Binary-Only Embedded Targets
By: Carmine Cesarano, Roberto Natella
Potential Business Impact:
Finds hidden bugs in closed software without source code.
Coverage-guided fuzzing has been widely applied to address zero-day vulnerabilities in general-purpose software and operating systems. This approach relies on instrumenting the target code at compile time. However, applying it to industrial systems remains challenging, due to proprietary and closed-source compiler toolchains and lack of access to source code. FuzzBox addresses these limitations by integrating emulation with fuzzing: it dynamically instruments code during execution in a virtualized environment, for the injection of fuzz inputs, failure detection, and coverage analysis, without requiring source code recompilation and hardware-specific dependencies. We show the effectiveness of FuzzBox through experiments in the context of a proprietary MILS (Multiple Independent Levels of Security) hypervisor for industrial applications. Additionally, we analyze the applicability of FuzzBox across commercial IoT firmware, showcasing its broad portability.
Similar Papers
Leveraging SystemC-TLM-based Virtual Prototypes for Embedded Software Fuzzing
Software Engineering
Tests computer programs before they are built.
On Interaction Effects in Greybox Fuzzing
Software Engineering
Finds computer bugs faster by trying different fixes.
LibLMFuzz: LLM-Augmented Fuzz Target Generation for Black-box Libraries
Cryptography and Security
Finds hidden problems in computer programs automatically.