WingMuzz: Blackbox Testing of IoT Protocols via Two-dimensional Fuzzing Schedule
This program is tentative and subject to change.
The Internet of Things (IoT) is widely deployed across many sectors, yet IoT devices are often prone to vulnerabilities. Because IoT devices are proprietary, their source code and firmware are frequently unavailable for open review, which makes blackbox fuzzing a viable approach. However, blackbox fuzzing is often much less effective because it receives no feedback, in particular no code-coverage information. In this paper, we propose WINGMUZZ, which provides blackbox fuzzing of IoT protocols with effective feedback. The key idea is to guide blackbox fuzzing with runtime information obtained from greybox fuzzing of counterpart open-source code. This is based on our observation that an IoT protocol implementation and its open-source counterparts conform to the same specification, so inputs that explore different code regions in the open-source code may also discover new coverage in the IoT protocol implementation. WINGMUZZ uses a two-dimensional fuzzing schedule to optimize the fuzzing of IoT protocols. The first dimension schedules the open-source implementations, referred to as wingmates, so that similar ones are preferred for guiding blackbox fuzzing. The second dimension applies coverage-guided greybox fuzzing to the open-source code. This solution can bridge the performance gap between blackbox and greybox fuzzing on IoT protocols. We evaluate WINGMUZZ on eight IoT protocols and compare it with six widely used blackbox fuzzers. On average, WINGMUZZ discovers 42.1%, 26.92%, 25.01%, 34.95%, 23.56% and 11.63% more edges than Boofuzz, Spike, Peach, SNIPUZZ, Pulsar and ChatAFL, respectively. Additionally, WINGMUZZ exposes 10 bugs in IoT protocols while the other fuzzers expose no more than 3 bugs. It also exposes 2 new protocol vulnerabilities in IoT devices, which none of the other fuzzers identify.
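The abstract describes the mechanism only in outline: a blackbox target that returns responses but no coverage, several open-source implementations of the same specification ("wingmates") that do yield coverage, and a two-dimensional schedule that first picks a wingmate and then runs a coverage-guided greybox step on it, forwarding to the device only the inputs that found new wingmate coverage. The following is an added toy model of that loop, written for this page; it is not WingMuzz's code and does not reproduce the paper's scheduling policy. Everything concrete in it is an assumption: a constructed line-oriented key/value protocol, two constructed implementations used as wingmates, hand-placed edge instrumentation with AFL-style hit-count buckets, a constructed device stand-in with one extra response class for over-long keys, and a similarity score defined here as the smoothed rate at which a wingmate's response agreed with the device's response on the inputs forwarded through it.

```python
"""Toy two-dimensional fuzzing schedule: added illustration, not WingMuzz's code.
Assumptions (mine, not the paper's): constructed key/value protocol, constructed
wingmates, hand-placed instrumentation, and an agreement-based similarity score."""
import random
from typing import Callable, Dict, List, Set, Tuple

Feature = Tuple[Tuple[str, str], int]      # (control-flow edge, hit-count bucket)


def bucket(n: int) -> int:
    """Coarse AFL-style hit-count bucket, so loop iteration counts show up as coverage."""
    return n if n < 4 else 4 if n < 8 else 8 if n < 16 else 16


class Coverage:
    """Edge coverage a greybox fuzzer gets from instrumentation; the blackbox target yields none."""

    def __init__(self) -> None:
        self._counts: Dict[Tuple[str, str], int] = {}
        self._prev = "entry"

    def hit(self, block: str) -> None:
        edge = (self._prev, block)
        self._counts[edge] = self._counts.get(edge, 0) + 1
        self._prev = block

    def features(self) -> Set[Feature]:
        return {(edge, bucket(n)) for edge, n in self._counts.items()}


def wingmate_a(cmd: bytes, cov: Coverage) -> str:
    """Constructed wingmate #1: strict, case-sensitive, validates the key byte by byte
    (so key length is visible as coverage through the loop edge's hit count)."""
    cov.hit("a_parse")
    parts = cmd.split(b" ")
    key = parts[1] if len(parts) > 1 else b""
    ok = True
    for ch in key:
        cov.hit("a_keychar")
        ok = ok and 48 <= ch <= 122
    if not ok:
        cov.hit("a_badkey"); return "ERROR"
    if parts[0] == b"GET" and len(parts) == 2:
        cov.hit("a_get"); return "VALUE"
    if parts[0] == b"SET" and len(parts) == 3:
        cov.hit("a_set"); return "STORED"
    if parts[0] == b"DEL" and len(parts) == 2:
        cov.hit("a_del"); return "DELETED"
    cov.hit("a_err"); return "ERROR"


def wingmate_b(cmd: bytes, cov: Coverage) -> str:
    """Constructed wingmate #2 of the same spec: case-insensitive verbs, whitespace-tolerant,
    no per-byte key loop, so its extra paths do not line up with what the target distinguishes."""
    cov.hit("b_norm")
    parts = cmd.split()
    verb = parts[0].upper() if parts else b""
    if parts and parts[0] != verb:
        cov.hit("b_lower")                  # lowercase verb accepted here, rejected by the target
    arity = {b"GET": (2, "VALUE"), b"SET": (3, "STORED"), b"DEL": (2, "DELETED")}
    if verb in arity and len(parts) == arity[verb][0]:
        cov.hit("b_" + verb.decode()); return arity[verb][1]
    cov.hit("b_err"); return "ERROR"


def blackbox(cmd: bytes) -> str:
    """Stand-in for the IoT device: a response comes back, coverage does not.
    Constructed quirk to be found: keys longer than 8 bytes get their own response class."""
    parts = cmd.split(b" ")
    if len(parts) > 1 and len(parts[1]) > 8:
        return "TOOLONG"
    return wingmate_a(cmd, Coverage())


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Byte-level havoc: overwrite, insert, delete, append."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(4)
        if op == 0 and data:
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif op == 1:
            data.insert(rng.randint(0, len(data)), rng.choice(b"GETSDLk 0"))
        elif op == 2 and len(data) > 1:
            del data[rng.randrange(len(data))]
        else:
            data += rng.choice([b"k", b" v", b"kkkk"])
    return bytes(data)


def pick_wingmate(scores: Dict[str, float], rng: random.Random, explore: float = 0.1) -> str:
    """Dimension one: prefer the wingmate that has behaved most like the target so far,
    with a little exploration so no wingmate is starved before it has been measured."""
    names = sorted(scores)
    if rng.random() < explore:
        return rng.choice(names)
    return max(names, key=lambda w: scores[w])


def fuzz(wingmates: Dict[str, Callable[[bytes, Coverage], str]], target: Callable[[bytes], str],
         seeds: List[bytes], iterations: int, rng: random.Random):
    corpus = {w: list(seeds) for w in wingmates}
    covered: Dict[str, Set[Feature]] = {w: set() for w in wingmates}
    agree = {w: 0 for w in wingmates}       # forwarded inputs on which wingmate and target agreed
    sent = {w: 0 for w in wingmates}        # inputs forwarded to the target via this wingmate
    seen: Set[str] = set()                  # response classes the target has shown so far
    for w, impl in wingmates.items():       # prime coverage and known responses with the seeds
        for s in seeds:
            cov = Coverage(); impl(s, cov); covered[w] |= cov.features(); seen.add(target(s))
    for _ in range(iterations):
        scores = {w: (agree[w] + 1) / (sent[w] + 2) for w in wingmates}   # Laplace-smoothed
        w = pick_wingmate(scores, rng)
        inp = mutate(rng.choice(corpus[w]), rng)
        cov = Coverage()
        local = wingmates[w](inp, cov)      # dimension two: one coverage-guided greybox step
        feats = cov.features()
        if feats <= covered[w]:
            continue                        # nothing new on the wingmate: spend no device request
        covered[w] |= feats
        corpus[w].append(inp)
        remote = target(inp)                # forward only coverage-increasing inputs
        sent[w] += 1
        agree[w] += local == remote
        seen.add(remote)
    return {w: (agree[w] + 1) / (sent[w] + 2) for w in wingmates}, seen, corpus


def run_demo(iterations: int = 30000, seed: int = 7):
    rng = random.Random(seed)
    seeds = [b"GET k", b"SET k v", b"DEL k", b"NOPE"]   # constructed seed corpus
    return fuzz({"a": wingmate_a, "b": wingmate_b}, blackbox, seeds, iterations, rng)


if __name__ == "__main__":
    scores, seen, corpus = run_demo()
    print("wingmate similarity scores:", scores)
    print("target response classes:", sorted(seen))
```

The point the toy makes is the one the abstract rests on: only wingmate a validates the key in a loop, so a growing key is new coverage for it but not for wingmate b, and the schedule forwards exactly those inputs to the device, where the over-long key surfaces the TOOLONG class that no wingmate implements. Wingmate b's extra paths (lowercase verbs) are new coverage that the strict device does not reward, so its agreement score stays low and it is scheduled less often. A real system would replace the agreement heuristic with whatever similarity measure the paper defines and would of course talk to a device over the network rather than call a function.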
Tue 18 Nov (times shown in the Seoul time zone)
Session 14:00 - 15:30

14:00 (10-minute talk, Research Papers): RSFuzz: A Robustness-Guided Swarm Fuzzing Framework Based on Behavioral Constraints
Authors: Ruoyu Zhou, Zhiwei Zhang and Haocheng Han (School of Computer Science and Technology, Xidian University, Xi'an, China; Shaanxi Key Laboratory of Network and System Security, Xidian University, Xi'an, China), Xiaodong Zhang (University of Chinese Academy of Science), Zehan Chen (School of Computer Science and Technology, Xidian University, Xi'an, China; Shaanxi Key Laboratory of Network and System Security, Xidian University), Jun Sun (Singapore Management University), Yulong Shen (Xidian University), Dehai Xu (Yiqiyin (Hangzhou) Technology Co., Ltd. Xi'an Branch, Xi'an, China)

14:10 (10-minute talk, Research Papers): DualFuzz: Detecting Vulnerability in Wi-Fi NICs through Dual-Directional Fuzzing
Authors: Yuanliang Chen (Tsinghua University), Fuchen Ma (Tsinghua University), Yanyang Zhao (Tsinghua University), Yuanyi Li (Shuimu Yulin Technology Co., Ltd), Yu Jiang (Tsinghua University)

14:20 (10-minute talk, Research Papers): ORFuzz: Fuzzing the "Other Side" of LLM Safety – Testing Over-Refusal
Authors: Haonan Zhang (Zhejiang University), Dongxia Wang (Zhejiang University), Yi Liu (Nanyang Technological University), Kexin Chen (Zhejiang University), Jiashui Wang (Zhejiang University), Xinlei Ying (Ant Group), Long Liu (Ant Group), Wenhai Wang (Zhejiang University). Pre-print available.

14:30 (10-minute talk, Research Papers): DNAFuzz: Descriptor-Aware Fuzzing for USB Drivers
Authors: Zhengshu Wang (Hubei University), Peng He (Hubei University), Fuchen Ma (Tsinghua University), Yuanliang Chen (Tsinghua University), Shuoshuo Duan (Shuimu Yulin Technology Co., Ltd), Yiyuan Bai (Shuimu Yulin Technology Co., Ltd), Yu Jiang (Tsinghua University)

14:40 (10-minute talk, Research Papers): ARG: Testing Query Rewriters via Abstract Rule Guided Fuzzing
Authors: Dawei Li (Beihang University), Yuxiao Guo (Beihang University), Qifan Liu (Beihang University), Jie Liang (Beihang University), Zhiyong Wu (Tsinghua University, China), Jingzhou Fu (School of Software, Tsinghua University), Chi Zhang (Tsinghua University), Yu Jiang (Tsinghua University)

14:50 (10-minute talk, Research Papers): Algernon: A Flag-Guided Hybrid Fuzzer for Unlocking Hidden Program Paths
Authors: Peng Deng (Fudan University), Lei Zhang (Fudan University), Jingqi Long (Fudan University), Wenzheng Hong (Independent), Zhemin Yang (Fudan University), Yuan Zhang (Fudan University), Donglai Zhu (Fudan University), Min Yang (Fudan University)

15:00 (10-minute talk, Research Papers): Interleaved Learning and Exploration: A Self-Adaptive Fuzz Testing Framework for MLIR
Authors: Zeyu Sun (Institute of Software, Chinese Academy of Sciences), Jingjing Liang (East China Normal University), Weiyi Wang (Institute of Software, Chinese Academy of Sciences), Chenyao Suo (Tianjin University), Junjie Chen (Tianjin University), Fanjiang Xu (Institute of Software at Chinese Academy of Sciences)

15:10 (10-minute talk, Journal-First Track): RCFuzz: Recommendation-based Collaborative Fuzzer

15:20 (10-minute talk, Research Papers): WingMuzz: Blackbox Testing of IoT Protocols via Two-dimensional Fuzzing Schedule
Authors: Xiaogang Zhu (The University of Adelaide), Enze Dai (Shenzhen International Graduate School, Tsinghua University), Xiaotao Feng (360 Vulnerability Research Institute), Shaohua Wang (Central University of Finance and Economics), Xin Xia (Zhejiang University), Sheng Wen (Swinburne University of Technology), Kwok-Yan Lam (Nanyang Technological University, Singapore), Yang Xiang (Digital Research & Innovation Capability Platform, Swinburne University of Technology)