Search Icon
2027 Submissions

ADGFUZZ: Assignment Dependency-Guided Fuzzing for Robotic Vehicles

Yuncheng Wang (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Yaowen Zheng (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Puzhuo Liu (Tsinghua University, China and Ant Group, China), Dongliang Fang (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Jiaxing Cheng (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Dingyi Shi (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China), Limin Sun (Institute of Information Engineering, CAS, China and School of Cyber Security, University of Chinese Academy of Sciences, China)

Robotic vehicles (RVs) play an increasingly vital role in modern society, with widespread applications in both commercial and military contexts. RV control software is the core of RV systems, which maintains proper operation by continuously computing the vehicle's internal state, sensor readings, and external inputs to adjust the system's behavior accordingly. However, the vast combination space of configurable parameters, command inputs, and environment-sensed data in RV software introduces significant security risks to the system. Existing fuzzing techniques face substantial challenges in effectively exploring this vast input space while uncovering deep bugs.
To address these challenges, we propose ADGFuzz, a novel fuzzing framework specifically designed to detect assignment statement bugs in RV control software. ADGFuzz statically constructs an Assignment Dependency Graph (ADG) to capture inter-variable dependencies within the program. These dependencies are then propagated to the RV input space by leveraging naming similarities, resulting in a targeted set of inputs referred to as the matched input set (MIS). Building upon this, ADGFuzz performs entropy-aware fuzzing over the MISs, thereby enhancing the overall efficiency of bug discovery. In our evaluation, ADGFuzz uncovered 87 unique bugs across three RV types, 78 of which were previously unknown. All found bugs were responsibly disclosed to the developers, and 16 have been confirmed for fixing.

Paper
Slides
Video

View More Papers

STIP: Three-Party Privacy-Preserving and Lossless Inference for Large Transformers...

Mu Yuan (The Chinese University of Hong Kong), Lan Zhang (University of Science and Technology of China), Yihang Cheng (University of Science and Technology of China), Miao-Hui Song (University of Science and Technology of China), Guoliang Xing (The Chinese University of Hong Kong), Xiang-Yang Li (University of Science and Technology of China)

Read More

Targeted Password Guessing Using k-Nearest Neighbors

Zhen Li (Nankai University), Ding Wang (Nankai University)

Read More

TENSURE: Fuzzing Sparse Tensor Compilers (Registered Report)

Kabilan Mahathevan (Department of Computer Science, Virginia Tech, Blacksburg), Yining Zhang (Department of Computer Science, Virginia Tech, Blacksburg), Muhammad Ali Gulzar (Department of Computer Science, Virginia Tech, Blacksburg), Kirshanthan Sundararajah (Department of Computer Science, Virginia Tech, Blacksburg)

Read More