Abraham Clements, Abel Gomez Rivera (Sandia National Laboratories), Richard Jiayang Liu, Kirill Levchenko (University of Illinois Urbana-Champaign), Rick Kennell (Purdue University), Gabriela Ciocarlie (The Cybersecurity Manufacturing Innovation Institute and Stevens Institute of Technology) 

Embedded systems are integral to modern society and are increasingly being attacked, necessitating improved techniques to identifying and mitigating vulnerabilities. Fuzzing has proven to be a useful technique for identifying vulnerabilities. Nevertheless, the complexity of embedded systems using realtime operating systems (RTOSes) has limited the ability to even observe their execution, much less effectively fuzz them. Rehosting these systems’ firmware in an emulator has emerged as a technique to solve challenges with inspectability and parallelizing fuzzing, but challenges remain for complex RTOS-based systems. We present RT-Fuzzer, a technique that leverages the modularization of RTOS-based embedded systems into tasks to simplify re-hosting and enable effective feedback-directed fuzzing of complex embedded systems. RT-Fuzzer creates a custom initialization for the RTOS and core services in the emulator and then starts only the target task(s) for fuzzing. This simplifies rehosting and enables the fuzzing effort to be focused on a selected task. We illustrate this technique on an open source RTOS and a commercial PLC discovering and reporting vulnerabilities in both.

View More Papers

TIPSO-GAN: Malicious Network Traffic Detection Using a Novel Optimized...

Ernest Akpaku (School of Computer Science and Communication Engineering, Jiangsu University), Jinfu Chen (School of Computer Science and Communication Engineering, Jiangsu University), Joshua Ofoeda (University of Professional Studies, Accra)

Read More

When Cache Poisoning Meets LLM Systems: Semantic Cache Poisoning...

Guanlong Wu (SUSTech), Taojie Wang (SUSTech), Yao Zhang (ByteDance Inc.), Zheng Zhang (SUSTech), Jianyu Niu (SUSTech), Ye Wu (ByteDance Inc.), Yinqian Zhang (SUSTech)

Read More

Inspecting Compiler Optimizations on Mixed Boolean Arithmetic Obfuscation

Rachael Little, Dongpeng Xu (University of New Hampshire)

Read More