
Presentation

CMFuzz: Parallel Fuzzing of IoT Protocols by Configuration Model Identification and Scheduling
Description

IoT protocols are essential for the communication among diverse devices.
In real-world scenarios, IoT protocols utilize flexible configurations to meet various use cases.
These configurations can significantly impact the protocols' execution paths, with many bugs emerging only under specific configurations. Fuzzing has become a prominent technique for uncovering vulnerabilities in IoT protocol implementations.
However, traditional fuzzing approaches are typically conducted using fixed or default configurations, overlooking potential issues that might arise in different settings.
This limitation can lead to missing critical bugs that appear only under alternative configurations.

In this paper, we propose CMFuzz, a parallel fuzzing framework designed to improve fuzzing effectiveness of IoT protocols through configuration identification and scheduling.
CMFuzz first constructs a generalized protocol configuration model by systematically extracting configuration items from protocol implementations.
Then, based on this model, CMFuzz defines the relations among configuration items and introduces a relation-aware allocation mechanism to distribute them across parallel fuzzing instances.
For evaluation, we implement CMFuzz on top of the widely used protocol fuzzer Peach and conduct experiments on six popular IoT protocols.
Compared to the original parallel mode of Peach and the state-of-the-art parallel protocol fuzzer SPFuzz, CMFuzz covers an average of 34.4% and 28.5% more branches within 24 hours, respectively.
Additionally, CMFuzz has detected 14 previously-unknown bugs in these real-world IoT protocols.
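The abstract describes two mechanisms: a configuration model built from the items a protocol implementation exposes, and a relation-aware allocation that spreads those items over parallel fuzzing instances. The following Python sketch is an added illustration written for this page, not CMFuzz's own code, and it makes explicit assumptions: a relation is modelled as an undirected "these two items interact" edge, items connected by relations are kept on the same instance so their value combinations are explored together, and the resulting groups are balanced across instances by a largest-first greedy heuristic. The configuration items and relations are constructed sample data, not taken from any real protocol.

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import product


@dataclass
class ConfigItem:
    # One configuration item of the protocol implementation and the
    # candidate values the fuzzer should exercise for it.
    name: str
    values: list


def group_related_items(items, relations):
    """Union-find over item names.

    `relations` is a list of (item_a, item_b) pairs meaning the two items
    interact (assumption: e.g. one only takes effect when the other is set).
    Every connected component becomes a group that must be fuzzed together.
    """
    parent = {it.name: it.name for it in items}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in relations:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    groups = defaultdict(list)
    for it in items:
        groups[find(it.name)].append(it)
    return list(groups.values())


def group_cost(group):
    # Number of value combinations an instance must explore for this group.
    cost = 1
    for it in group:
        cost *= len(it.values)
    return cost


def allocate(items, relations, n_instances):
    """Assign groups to parallel instances, largest group to the least
    loaded instance first (LPT-style balancing; an assumption, not the
    paper's scheduler). Returns (assignment, per-instance load)."""
    groups = sorted(group_related_items(items, relations),
                    key=group_cost, reverse=True)
    loads = [0] * n_instances
    assignment = [[] for _ in range(n_instances)]
    for g in groups:
        i = loads.index(min(loads))
        assignment[i].append(g)
        loads[i] += group_cost(g)
    return assignment, loads


def configs_for_instance(groups):
    """Enumerate the concrete configurations one instance will run: the
    cartesian product of values inside each group, one group at a time."""
    configs = []
    for g in groups:
        names = [it.name for it in g]
        for combo in product(*(it.values for it in g)):
            configs.append(dict(zip(names, combo)))
    return configs


# Constructed sample data (not from the paper or any real implementation).
SAMPLE_ITEMS = [
    ConfigItem("tls", ["on", "off"]),
    ConfigItem("cert_verify", ["strict", "none"]),
    ConfigItem("auth", ["none", "password", "token"]),
    ConfigItem("max_payload", [256, 65535]),
    ConfigItem("retain", ["on", "off"]),
]
# Assumed relations: certificate verification only matters with TLS, and the
# auth mode interacts with certificate verification.
SAMPLE_RELATIONS = [("tls", "cert_verify"), ("auth", "cert_verify")]


if __name__ == "__main__":
    assignment, loads = allocate(SAMPLE_ITEMS, SAMPLE_RELATIONS, 2)
    for idx, groups in enumerate(assignment):
        print(f"instance {idx}: load={loads[idx]}",
              [[it.name for it in g] for g in groups])
        for cfg in configs_for_instance(groups):
            print("   ", cfg)
```

With two instances, the three related items (12 combinations) land on one instance while the two independent items (2 + 2 combinations) share the other, so no two instances re-fuzz the same configuration and related settings are never split apart.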
Event Type: Research Manuscript
Time: Tuesday, June 24, 11:00am - 11:15am PDT
Location: 3008, Level 3
Topics: Security
Tracks: SEC4: Embedded and Cross-Layer Security