Search Icon
2026 Program

ADGFUZZ: Assignment Dependency-Guided Fuzzing for Robotic Vehicles

Yuncheng Wang (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Yaowen Zheng (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Puzhuo Liu (Tsinghua University, China and Ant Group, China), Dongliang Fang (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Jiaxing Cheng (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Dingyi Shi (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Limin Sun (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China)

Robotic vehicles (RVs) play an increasingly vital role in modern society, with widespread applications in both commercial and military contexts. RV control software is the core of RV systems, which maintains proper operation by continuously computing the vehicle's internal state, sensor readings, and external inputs to adjust the system's behavior accordingly. However, the vast combination space of configurable parameters, command inputs, and environment-sensed data in RV software introduces significant security risks to the system. Existing fuzzing techniques face substantial challenges in effectively exploring this vast input space while uncovering deep bugs.
To address these challenges, we propose ADGFuzz, a novel fuzzing framework specifically designed to detect assignment statement bugs in RV control software. ADGFuzz statically constructs an Assignment Dependency Graph (ADG) to capture inter-variable dependencies within the program. These dependencies are then propagated to the RV input space by leveraging naming similarities, resulting in a targeted set of inputs referred to as the matched input set (MIS). Building upon this, ADGFuzz performs entropy-aware fuzzing over the MISs, thereby enhancing the overall efficiency of bug discovery. In our evaluation, ADGFuzz uncovered 87 unique bugs across three RV types, 78 of which were previously unknown. All found bugs were responsibly disclosed to the developers, and 16 have been confirmed for fixing.

Paper
Slides
Video

View More Papers

CoLD: Collaborative Label Denoising Framework for Network Intrusion Detection

Shuo Yang (The University of Hong Kong, Hong Kong SAR, China), Xinran Zheng (University College London, London, United Kingdom), Jinze Li (The University of Hong Kong, Hong Kong SAR, China), Jinfeng Xu (The University of Hong Kong, Hong Kong SAR, China), Edith C. H. Ngai (TThe University of Hong Kong, Hong Kong SAR, China)

Read More

Breaking the Generative Steganography Trilemma: ANStega for Optimal Capacity,...

Yaofei Wang (Hefei University of Technology), Weilong Pang (Hefei University of Technology), Kejiang Chen (University of Science and Technology of China), Jinyang Ding (University of Science and Technology of China), Donghui Hu (Hefei University of Technology), Weiming Zhang (University of Science and Technology of China), Nenghai Yu (University of Science and Technology of China)

Read More

IoTBec: An Accurate and Efficient Recurring Vulnerability Detection Framework...

Haoran Yang (Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Jiaming Guo (Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Shuangning Yang (School of Internet, Anhui University, China), Guoli…

Read More