Write a Blog >>
ASE 2021
Sun 14 - Sat 20 November 2021 Australia
Thu 18 Nov 2021 18:40 - 18:50 at Kangaroo - Firmware Chair(s): ingo Mueller

Internet-of-things (IoT) or mobile devices are omnipresent in our daily life; the security issues inside them are especially crucial. Greybox fuzzing has been shown effective in detecting vulnerabilities. However, applications in IoT or mobile devices are usually proprietary to specific vendors, fuzzers are required to support binary-only targets. Moreover, since these devices are of heterogeneous architectures, assigned with limited resources, and many testing targets are server-like programs, applying existing fuzzing techniques faces great challenges.

This paper proposes BiFF, a general-purpose fuzzer that aims to stress these issues. It supports binary-only targets, is general (supports multiple CPU architectures including Intel, ARM, MIPS, and PowerPC), fast (has the lowest runtime overhead compared to existing fuzzers), and flexible (uses a new fuzzing workflow that can fuzz any piece of code inside the target binary). Experiments demonstrate that BiFF has the best performance compared with state-of-the-art binary fuzzers and can fuzz the server-like programs which cannot be fuzzed by the existing fuzzers. Using BiFF, we’ve found 24 unknown vulnerabilities (including memory corruptions, infinite loops and infinite recursions) from industrial products.

Thu 18 Nov

Displayed time zone: Hobart change

18:00 - 19:00
FirmwareResearch Papers / NIER track / Industry Showcase at Kangaroo
Chair(s): ingo Mueller Monash University
FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution
Research Papers
Qiang Liu Zhejiang University, Cen Zhang Nanyang Technological University, Lin Ma Zhejiang University, Muhui Jiang The Hong Kong Polytechnic University; Zhejiang University, Yajin Zhou Zhejiang University, Lei Wu Zhejiang University, Wenbo Shen Zhejing University, Xiapu Luo Hong Kong Polytechnic University, Yang Liu Nanyang Technological University, Kui Ren Zhejiang University
iFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware
Research Papers
Peiyu Liu Zhejiang University, Shouling Ji Zhejiang University, Xuhong Zhang Zhejiang University, Qinming Dai Zhejiang University, Kangjie Lu University of Minnesota, Lirong Fu Zhejiang University, Wenzhi Chen Zhejiang University, Peng Cheng Zhejiang University, Wenhai Wang Zhejiang University, Raheem Beyah Georgia Institute of Technology
BIFF: Practical Binary Fuzzing Framework for Programs of IoT and Mobile Devices
Industry Showcase
Cen Zhang Nanyang Technological University, Yuekang Li Nanyang Technological University, Hongxu Chen Nanyang Technological University, Xiaoxing Luo Huawei Technologies Co., Ltd., Miaohua Li Huawei Technologies Co., Ltd., Anh Quynh Nguyen Nanyang Technological University, Yang Liu Nanyang Technological University
Adaptation 2.0: Adapting Specification Learners in Assured Adaptive Systems
NIER track
Dalal Alrajeh Imperial College London, Patrick Benjamin Imperial College London, Sebastian Uchitel Imperial College London & University of Buenos Aires