Search Icon
2027 Submissions

ReFuzz: Reusing Tests for Processor Fuzzing with Contextual Bandits

Chen Chen (Texas A&M University, USA), Zaiyan Xu (Texas A&M University, USA), Mohamadreza Rostami (Technische Universitat Darmstadt, Germany), David Liu (Texas A&M University, USA), Dileep Kalathil (Texas A&M University, USA), Ahmad-Reza Sadeghi (Technische Universitat Darmstadt, Germany), Jeyavijayan (JV) Rajendran (Texas A&M University, USA)

Processor designs rely on iterative modifications and reuse well-established designs. However, this reuse of prior designs also leads to similar vulnerabilities across multiple processors. As processors grow increasingly complex with iterative modifications, efficiently detecting vulnerabilities from modern processors is critical. Inspired by software fuzzing, hardware fuzzing has recently demonstrated its effectiveness in detecting processor vulnerabilities. Yet, to our best knowledge, existing processor fuzzers fuzz each design individually, lacking the capability to understand known vulnerabilities in prior processors to fine-tune fuzzing to identify similar or new variants of vulnerabilities.

To address this gap, we present ReFuzz, an adaptive fuzzing framework that leverages contextual bandit to reuse highly effective tests from prior processors to fuzz a processor-undertest (PUT) within a given ISA. By intelligently mutating tests that trigger vulnerabilities in prior processors, ReFuzz detects similar and new variants of vulnerabilities in PUTs. ReFuzz uncovered three new security vulnerabilities and two new functional bugs. ReFuzz detected one vulnerability by reusing a test that triggers a known vulnerability in a prior processor. One functional bug exists across three processors that share design modules. The second bug has two variants. Additionally, ReFuzz reuses highly effective tests to enhance efficiency in coverage, achieving an average 511.23× coverage speedup and up to 9.33% more total coverage, compared to existing fuzzers.

Paper
Slides
Video

View More Papers

HOUSTON: Real-Time Anomaly Detection of Attacks against Ethereum DeFi...

Dongyu Meng (University of California, Santa Barbara), Fabio Gritti (University of California, Santa Barbara), Robert McLaughlin (University of California, Santa Barbara), Nicola Ruaro (University of California, Santa Barbara), Ilya Grishchenko (University of Toronto), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)

Read More

OCCUPY+PROBE: Cross-Privilege Branch Target Buffer Side-Channel Attacks at Instruction...

Kaiyuan Rong (Tsinghua University, Zhongguancun Laboratory), Junqi Fang (Tsinghua University, Zhongguancun Laboratory), Haixia Wang (Tsinghua University), Dapeng Ju (Tsinghua University, Zhongguancun Laboratory), Dongsheng Wang (Tsinghua University, Zhongguancun Laboratory)

Read More

Small Cell, Big Risk: A Security Assessment of 4G...

Yaru Yang (Tsinghua University), Yiming Zhang (Tsinghua University), Tao Wan (CableLabs & Carleton University), Haixin Duan (Tsinghua University & Quancheng Laboratory), Deliang Chang (QI-ANXIN Technology Research Institute), Yishen Li (Tsinghua University), Shujun Tang (Tsinghua University & QI-ANXIN Technology Research Institute)

Read More