ISSTA 2025
Wed 25 - Sat 28 June 2025 Trondheim, Norway
co-located with FSE 2025
Thu 26 Jun 2025 16:50 - 17:15 at Cosmos 3A - Fuzzing 2 Chair(s): Heqing Huang

Electronic Control Units (ECUs), providing a wide range of functions from basic control functions to safety-critical functions, play a critical role in modern vehicles. Fuzzing has emerged as an effective approach to ensure the functional safety and automotive security of ECU firmwares. However, existing fuzzing approaches focus on the inputs from other ECUs through external buses (e.g., CAN), but neglect the inputs from internal peripherals through on-board buses (e.g., SPI). Due to the restricted input space exploration, they fail to comprehensively fuzz ECU firmwares. Moreover, existing fuzzing approaches often lack visibility into ECU firmwares’ internal states but rely on limited feedback (e.g., message timeouts or hardware indicators), hindering their effectiveness.

To address these limitations, we propose a structure-aware, diagnosis-guided framework, \tool, to comprehensively and effectively fuzz ECU firmwares. Specifically, \tool simultaneously considers external buses (i.e., CAN) and on-board buses (i.e., SPI). It leverages the structure of CAN and SPI to effectively mutate CAN messages and SPI sequences, and incorporates a dual-core microcontroller-based peripheral emulator to handle real-time SPI communication. In addition, \tool implements a new feedback mechanism to guide the fuzzing process. It leverages automotive diagnostic protocols to collect ECUs’ internal states, i.e., trouble codes, error-related variables, and exception contexts. Our compatibility evaluation on ten ECUs from three major Tier 1 automotive suppliers has indicated that our framework is compatible with nine ECUs. Our effectiveness evaluation on three representative ECUs has demonstrated that our framework detects nine previously unknown safety-critical faults, which have been patched by technicians from the suppliers.

Thu 26 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 17:15
Fuzzing 2Research Papers at Cosmos 3A
Chair(s): Heqing Huang City University of Hong Kong
16:00
25m
Talk
Program Feature-based Benchmarking for Fuzz Testing
Research Papers
Miao Miao The University of Texas at Dallas, Sriteja Kummita Fraunhofer Institute for Mechatronic Systems Design (Fraunhofer IEM), Eric Bodden Heinz Nixdorf Institute at Paderborn University; Fraunhofer IEM, Shiyi Wei University of Texas at Dallas
DOI
16:25
25m
Talk
Unlocking Low Frequency Syscalls in Kernel Fuzzing with Dependency-based RAG
Research Papers
Zhiyu Zhang Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Longxing Li Institute of Information Engineering, Chinese Academy of Sciences, China, Ruigang Liang Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Kai Chen Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences
DOI
16:50
25m
Talk
Structure-Aware, Diagnosis-Guided ECU Firmware Fuzzing
Research Papers
Qicai Chen Fudan University, China, Kun Hu School of Computer Science, Fudan University, Sichen Gong Fudan University, China, Bihuan Chen Fudan University, kevin kong Fudan University, Haowen Jiang Fudan University, China, Bingkun Sun Fudan University, You Lu Fudan University, Xin Peng Fudan University
DOI

Information for Participants
Thu 26 Jun 2025 16:00 - 17:15 at Cosmos 3A - Fuzzing 2 Chair(s): Heqing Huang
Info for room Cosmos 3A:

Cosmos 3A is the first room in the Cosmos 3 wing.

When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.

:
:
:
: