Yuncheng Wang (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Yaowen Zheng (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Puzhuo Liu (Tsinghua University, China and Ant Group, China), Dongliang Fang (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Jiaxing Cheng (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Dingyi Shi (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Limin Sun (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China)

Robotic vehicles (RVs) play an increasingly vital role in modern society, with widespread applications in both commercial and military contexts. RV control software is the core of an RV system: it maintains proper operation by continuously computing over the vehicle's internal state, sensor readings, and external inputs to adjust the system's behavior accordingly. However, the vast combination space of configurable parameters, command inputs, and environment-sensed data in RV software introduces significant security risks to the system. Existing fuzzing techniques face substantial challenges in effectively exploring this vast input space while uncovering deep bugs.
To address these challenges, we propose ADGFuzz, a novel fuzzing framework specifically designed to detect assignment statement bugs in RV control software. ADGFuzz statically constructs an Assignment Dependency Graph (ADG) to capture inter-variable dependencies within the program. These dependencies are then propagated to the RV input space by leveraging naming similarities, resulting in a targeted set of inputs referred to as the matched input set (MIS). Building upon this, ADGFuzz performs entropy-aware fuzzing over the MISs, thereby enhancing the overall efficiency of bug discovery. In our evaluation, ADGFuzz uncovered 87 unique bugs across three RV types, 78 of which were previously unknown. All discovered bugs were responsibly disclosed to the developers, and 16 have been confirmed for fixing.
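The two static steps the abstract describes, building an ADG from assignment statements and propagating its dependencies to the input space by name similarity, as an added illustration that is not ADGFuzz's own code: the assignment statements, the input names and the similarity metric (difflib ratio with a 0.8 threshold) are all constructed assumptions, not the paper's.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed toy control-loop assignments (not taken from any real RV firmware).
SAMPLE_ASSIGNMENTS = [
    "target_alt = rc_throttle_in * alt_scale",
    "climb_rate = (target_alt - current_alt) * p_gain",
    "motor_out = climb_rate + hover_throttle",
]

# Constructed fuzzer-facing input names (parameters / command fields); one is unrelated.
SAMPLE_INPUTS = ["ALT_SCALE", "RC_THROTTLE_IN", "HOVER_THROTTLE", "P_GAIN", "GPS_HDOP_GOOD"]

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def build_adg(assignments):
    """ADG as adjacency: lhs variable -> set of identifiers read on its rhs."""
    adg = defaultdict(set)
    for stmt in assignments:
        lhs, rhs = (s.strip() for s in stmt.split("=", 1))
        adg[lhs].update(IDENT.findall(rhs))
    return adg

def transitive_deps(adg, var):
    """Every variable `var` depends on, following assignment chains (DFS)."""
    seen, stack = set(), [var]
    while stack:
        for dep in adg.get(stack.pop(), ()):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def name_similarity(a, b):
    # Assumed metric: case-insensitive sequence ratio; ADGFuzz's own metric is not stated here.
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def matched_input_set(adg, sink, inputs, threshold=0.8):
    """MIS for `sink`: inputs whose names resemble a variable the sink depends on."""
    deps = transitive_deps(adg, sink) | {sink}
    return sorted(i for i in inputs
                  if any(name_similarity(i, d) >= threshold for d in deps))

if __name__ == "__main__":
    adg = build_adg(SAMPLE_ASSIGNMENTS)
    for sink in ("target_alt", "motor_out"):
        print(sink, "<-", matched_input_set(adg, sink, SAMPLE_INPUTS))
```

The MIS for `motor_out` pulls in every parameter on the chain above it while leaving the unrelated `GPS_HDOP_GOOD` out, which is the input-space narrowing the fuzzer then works over.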
