Authors: Xiaoyi Li, Xiaojun Pan, Yanbin Sun
Affiliation: [1] Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, 510000, China
Source: Journal on Artificial Intelligence, 2021, Issue 1, pp. 21-31 (11 pages)
Funding: This work is funded by the National Key Research and Development Plan (Grant No. 2018YFB0803504); the National Natural Science Foundation of China (Nos. 62072130, 61702223, 61702220, 61871140, 61872420, U1636215); the Guangdong Province Key Area R&D Program of China (No. 2019B010137004); the Guangdong Basic and Applied Basic Research Foundation (No. 2020A1515010450); the Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme (2019); and the Opening Project of Shanghai Trusted Industrial Control Platform (TICPSH202003014-ZC).
Abstract: The rise of the Internet of Things (IoT) exposes more and more important embedded devices to the network, which poses a serious threat to people's lives and property. Ensuring the security of embedded devices is therefore a very important task. Fuzzing is currently the most effective technique for discovering vulnerabilities. In this work, we propose PS-Fuzz (Protocol State Fuzz), a gray-box fuzzing technique guided by protocol state. By instrumenting the firmware code that handles protocol fields, it solves the lack of guidance information in common protocol fuzzing. By recording and comparing state transition paths, the program can be quickly driven into the desired state, greatly improving fuzzing efficiency. More importantly, the tool uses the synchronous execution of the firmware simulator and the firmware program to collect and record system information from multiple dimensions when a crash occurs, providing assistance for further research. Our evaluation results show that, for the same vulnerability, the efficiency of PS-Fuzz is about 8 times that of boofuzz under ideal conditions. Even with rough instrumentation, the efficiency reaches 2 times that of boofuzz. In addition, PS-Fuzz provides at least 6 more items of information than boofuzz under the same circumstances.
Keywords: firmware, vulnerability mining, fuzzing
Classification: TN9 [Electronics and Telecommunications: Information and Communication Engineering]