ISSTA 2022
Mon 18 - Fri 22 July 2022 Online
Wed 20 Jul 2022 18:00 - 18:20 at ISSTA 2 - Session 3-4: Fuzzing and Friends E Chair(s): Ding Li
Fri 22 Jul 2022 01:40 - 02:00 at ISSTA 1 - Session 1-11: Fuzzing and Friends D

Greybox fuzzing has become one of the most effective vulnerability discovery techniques. However, it cannot be applied directly to the applications running on IoT devices, because executing those applications depends heavily on a specific system environment and on the device hardware. To run applications from Linux-based IoT devices, most existing fuzzing techniques use full-system emulation, which maximizes compatibility but carries a large overhead compared with user-mode emulation. Some previous work, such as Firm-AFL, therefore combines full-system and user-mode emulation to speed up fuzzing. Despite these attempts to shift execution towards user-mode emulation, no existing technique can execute these applications entirely under user-mode emulation.

To address this issue, we propose EQUAFL, which automatically sets up the execution environment needed to run an embedded application under user-mode emulation. EQUAFL first executes the application under full-system emulation and observes the key points at which the program would get stuck, or even crash, under user-mode emulation. With this information, EQUAFL migrates the environment that user-mode emulation needs. EQUAFL then runs the application under an enhanced user-mode emulator that replays the network system calls and resource-management behaviours observed in the full-system run, satisfying the embedded application's needs during execution.
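The observe-then-migrate idea in the paragraph above, as an added toy illustration: this is not EQUAFL's code (the paper does not describe its implementation here), and the strace-style trace, the root filesystem listing, the host address set, and every path, file descriptor, ioctl number and address in it are constructed for the example. It reads the trace a full-system run would leave behind, asks for each syscall what a user-mode run of the same binary would lack, and emits a plan: boot-generated files to copy out of the full-system image, writable directories to create, device ioctls to stub, binds to device-only addresses to rewrite, and socket options that have no meaning on the host.

```python
"""Toy reconstruction of the observe-then-migrate step described above.

Added illustration, not EQUAFL's code.  A constructed strace-style trace
stands in for what a full-system run would record; the plan it produces
lists what a user-mode run of the same binary would need supplied.
"""
import os
import re
from dataclasses import dataclass, field

# Constructed trace of a firmware httpd under full-system emulation.
# Paths, fds, ioctl numbers and addresses are illustrative only.
SAMPLE_TRACE = """\
open("/etc/config/httpd.conf", O_RDONLY) = 3
open("/etc/httpd.extra", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/var/etc/hosts", O_RDONLY) = 7
open("/dev/nvram", O_RDWR) = 4
ioctl(4, 0x40046401, 0x7fff0010) = 0
open("/var/run/httpd.pid", O_WRONLY|O_CREAT, 0644) = 5
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 6
setsockopt(6, SOL_SOCKET, SO_BINDTODEVICE, "br0", 4) = 0
bind(6, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("192.168.1.1")}, 16) = 0
listen(6, 16) = 0
"""

# Files present in the extracted root filesystem the user-mode run will
# chroot into (constructed; for a real image, walk the unpacked rootfs).
ROOTFS_FILES = {"/etc/config/httpd.conf", "/www/index.html"}

# Addresses the fuzzing host can actually bind (constructed).
HOST_ADDRS = {"0.0.0.0", "127.0.0.1"}


@dataclass
class MigrationPlan:
    copy_files: list = field(default_factory=list)      # generated at boot, absent from rootfs
    create_dirs: list = field(default_factory=list)     # writable dirs the daemon expects
    replay_ioctls: list = field(default_factory=list)   # (device node, request) to stub
    rewrite_binds: list = field(default_factory=list)   # (device addr, port, host addr)
    drop_sockopts: list = field(default_factory=list)   # (fd, option, value) with no host meaning


OPEN_RE = re.compile(r'^open\("([^"]+)", ([^)]*)\) = (-?\d+)')
IOCTL_RE = re.compile(r'^ioctl\((\d+), (0x[0-9a-fA-F]+)')
BINDDEV_RE = re.compile(r'^setsockopt\((\d+), SOL_SOCKET, SO_BINDTODEVICE, "([^"]+)"')
BIND_RE = re.compile(
    r'^bind\((\d+), \{.*?sin_port=htons\((\d+)\).*?inet_addr\("([^"]+)"\)')


def plan_migration(trace, rootfs_files, host_addrs, loopback="127.0.0.1"):
    """Classify each observed syscall by what user-mode emulation lacks."""
    plan = MigrationPlan()
    fd_to_path = {}
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m:
            path, flags, fd = m.group(1), m.group(2), int(m.group(3))
            if fd < 0:
                continue  # failed on the device too: nothing to migrate
            fd_to_path[fd] = path
            if path.startswith("/dev/"):
                continue  # device nodes are handled when an ioctl hits them
            if "O_CREAT" in flags:
                parent = os.path.dirname(path)
                if parent not in plan.create_dirs:
                    plan.create_dirs.append(parent)
            elif path not in rootfs_files:
                plan.copy_files.append(path)
            continue
        m = IOCTL_RE.match(line)
        if m:
            dev = fd_to_path.get(int(m.group(1)))
            if dev and dev.startswith("/dev/"):
                plan.replay_ioctls.append((dev, m.group(2)))
            continue
        m = BINDDEV_RE.match(line)
        if m:
            plan.drop_sockopts.append((int(m.group(1)), "SO_BINDTODEVICE", m.group(2)))
            continue
        m = BIND_RE.match(line)
        if m:
            port, addr = int(m.group(2)), m.group(3)
            if addr not in host_addrs:
                plan.rewrite_binds.append((addr, port, loopback))
    return plan


if __name__ == "__main__":
    plan = plan_migration(SAMPLE_TRACE, ROOTFS_FILES, HOST_ADDRS)
    for name, items in vars(plan).items():
        print(f"{name}:")
        for item in items:
            print(f"  {item}")
```

The open that already failed with ENOENT under full-system emulation is deliberately ignored: the daemon tolerated that failure on the device, so reproducing it in user mode changes nothing. Only the points where the two runs would diverge (a boot-generated file, a missing tmpfs directory, a device ioctl, an interface or address the host does not have) end up in the plan.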

We evaluate EQUAFL on 70 network applications from different series of IoT devices. EQUAFL outperforms the state of the art in fuzzing efficiency: on average it is 26 times faster than AFL-QEMU with full-system emulation and 14 times faster than Firm-AFL. We also discovered ten vulnerabilities, including six CVEs, in the tested firmware images.

Wed 20 Jul

Displayed time zone: Seoul

18:00 - 19:00
Session 3-4: Fuzzing and Friends E (Technical Papers) at ISSTA 2
Chair(s): Ding Li (Peking University)

18:00, 20m, Talk
Efficient Greybox Fuzzing of Applications in Linux-based IoT Devices via Enhanced User-mode Emulation
Technical Papers
Yaowen Zheng (Nanyang Technological University; Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China), Yuekang Li (Nanyang Technological University), Cen Zhang (Nanyang Technological University), Hongsong Zhu (Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yang Liu (Nanyang Technological University), Limin Sun (Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; School of Cyber Security, University of Chinese Academy of Sciences, China)

18:20, 20m, Talk
MDPFuzz: Testing Models Solving Markov Decision Processes
Technical Papers
Qi Pang (HKUST), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Shuai Wang (Hong Kong University of Science and Technology)

18:40, 20m, Talk
PrIntFuzz: Fuzzing Linux Drivers via Automated Virtual Device Simulation
Technical Papers
Zheyu Ma, Bodong Zhao (Tsinghua University), Letu Ren (Department of Computer Science and Technology, Tsinghua University), Zheming Li (Tsinghua University), Siqi Ma (The University of Queensland), Xiapu Luo (Hong Kong Polytechnic University), Chao Zhang (Tsinghua University)

Fri 22 Jul

Displayed time zone: Seoul

01:40 - 02:20
Session 1-11: Fuzzing and Friends D (Technical Papers) at ISSTA 1

01:40, 20m, Talk
Efficient Greybox Fuzzing of Applications in Linux-based IoT Devices via Enhanced User-mode Emulation
Technical Papers
Yaowen Zheng (Nanyang Technological University; Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China), Yuekang Li (Nanyang Technological University), Cen Zhang (Nanyang Technological University), Hongsong Zhu (Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yang Liu (Nanyang Technological University), Limin Sun (Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; School of Cyber Security, University of Chinese Academy of Sciences, China)

02:00, 20m, Talk
TensileFuzz: Facilitating Seed Input Generation in Fuzzing via String Constraint Solving
Technical Papers
Xuwei Liu (Purdue University, USA), Wei You (Renmin University of China), Zhuo Zhang (Purdue University), Xiangyu Zhang (Purdue University)