Refinement of MMIO Models for Improving the Coverage of Firmware Fuzzing

arXiv:2403.06281v1 Announce Type: new
Abstract: Embedded systems (ESes) are now ubiquitous, collecting sensitive user data and helping the users make safety-critical decisions. Their vulnerability may thus pose a grave threat to the security and privacy of billions of ES users. Grey-box fuzzing is widely used for testing ES firmware. It usually runs the firmware in a fully emulated environment for efficient testing. In such a setting, the fuzzer cannot access peripheral hardware and hence must model the firmware's interactions with …

arxiv box collecting critical cs.cr data embedded embedded systems firmware fuzzing helping may privacy safety safety-critical security sensitive systems testing threat user data vulnerability