Open Access
ARTICLE
PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State
Xiaoyi Li, Xiaojun Pan, Yanbin Sun*
Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, 510000, China
* Corresponding Author: Yanbin Sun. Email:
Journal on Artificial Intelligence 2021, 3(1), 21-31. https://doi.org/10.32604/jai.2021.017328
Received 17 January 2021; Accepted 17 March 2021; Issue published 02 April 2021
Abstract
The rise of the Internet of Things (IoT) exposes more and more important
embedded devices to the network, which poses a serious threat to people's
lives and property. Ensuring the security of embedded devices is therefore an
important task. Fuzzing is currently the most effective technique for
discovering vulnerabilities. In this work we propose PS-Fuzz (Protocol State
Fuzz), a gray-box fuzzing technique guided by protocol state. By instrumenting
the firmware code that handles protocol fields, it supplies the guidance
information that common protocol fuzzing lacks. By recording and comparing
state transition paths, the target program can quickly be brought to the
state under test, which greatly improves fuzzing efficiency. More importantly,
the tool runs the firmware simulator and the firmware program synchronously,
so that when a crash occurs it can collect and record system information
along multiple dimensions, providing assistance for further research. Our
evaluation shows that for the same vulnerability, PS-Fuzz is about 8 times as
efficient as boofuzz under ideal conditions, and even with coarse
instrumentation about 2 times as efficient. In addition, PS-Fuzz provides at
least 6 more items of information than boofuzz under the same circumstances.
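The two mechanisms the abstract names, protocol state as graybox feedback and recorded state transition paths used to reach a state quickly, can be shown on a toy target. The following is an added illustration written for this page, not PS-Fuzz's code: the server, its states, its message formats and the planted bug are all constructed here, and the firmware simulator that PS-Fuzz runs alongside the real target is not modelled (the state is read directly from an attribute where instrumentation hooks would read it). A stateless baseline using the same message generator is included for comparison.

```python
"""Toy protocol-state-guided graybox fuzzing loop (constructed example)."""
import random


class ToyServer:
    """Constructed target with an explicit protocol state machine.

    In a real firmware target the state would be read out by instrumentation
    hooks in the protocol handler; here it is simply an attribute.
    """

    def __init__(self):
        self.state = "INIT"

    def handle(self, msg: bytes) -> str:
        if self.state == "INIT" and msg.startswith(b"HELLO"):
            self.state = "GREETED"
        elif self.state == "GREETED" and msg.startswith(b"AUTH "):
            if msg[5:] == b"secret":
                self.state = "AUTHED"
        elif self.state == "AUTHED" and msg.startswith(b"DATA "):
            # Planted bug: only reachable after a successful authentication.
            if len(msg) - 5 > 8:
                raise RuntimeError("crash: oversized DATA payload")
            self.state = "DONE"
        return self.state


def gen_message(rng: random.Random) -> bytes:
    """Protocol-aware generator: a few valid verbs plus random payloads."""
    kind = rng.randrange(5)
    if kind == 0:
        return b"HELLO"
    if kind == 1:
        return b"AUTH secret"
    if kind == 2:
        return b"AUTH " + bytes(rng.randrange(97, 123) for _ in range(6))
    if kind == 3:
        length = rng.randrange(1, 17)
        return b"DATA " + bytes(rng.randrange(256) for _ in range(length))
    return b"QUIT"


def state_guided_fuzz(seed: int = 1, budget: int = 2000):
    """Return (iterations to first crash or None, recorded state paths)."""
    rng = random.Random(seed)
    paths = {"INIT": []}  # state -> first message sequence that reached it
    for it in range(1, budget + 1):
        start = rng.choice(list(paths))
        srv = ToyServer()
        for m in paths[start]:  # replay the recorded prefix to reach `start`
            srv.handle(m)
        msg = gen_message(rng)
        try:
            new_state = srv.handle(msg)
        except RuntimeError:
            return it, paths
        if new_state not in paths:  # new state = new coverage; keep its path
            paths[new_state] = paths[start] + [msg]
    return None, paths


def stateless_fuzz(seed: int = 1, budget: int = 2000, depth: int = 3):
    """Baseline: same generator, no state feedback, every case starts at INIT."""
    rng = random.Random(seed)
    for it in range(1, budget + 1):
        srv = ToyServer()
        try:
            for _ in range(depth):
                srv.handle(gen_message(rng))
        except RuntimeError:
            return it
    return None


def compare(seeds=range(20), budget: int = 2000):
    """Mean iterations to crash for each strategy (a miss counts as `budget`)."""
    guided = [state_guided_fuzz(s, budget)[0] or budget for s in seeds]
    stateless = [stateless_fuzz(s, budget) or budget for s in seeds]
    return sum(guided) / len(guided), sum(stateless) / len(stateless)


if __name__ == "__main__":
    g, s = compare()
    print(f"mean iterations to crash: state-guided {g:.0f}, stateless {s:.0f}")
```

The guided loop only ever pays for one new message per test case because the recorded prefix takes it straight to a known state, and a previously unseen state is the signal that the case was worth keeping; the baseline has to hit the three-message sequence by chance every time. The speedup here is an artefact of the toy target's size and says nothing about the paper's measured 8x and 2x figures.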
Cite This Article
X. Li, X. Pan and Y. Sun, "PS-Fuzz: efficient graybox firmware fuzzing based on protocol state,"
Journal on Artificial Intelligence, vol. 3, no. 1, pp. 21–31, 2021. https://doi.org/10.32604/jai.2021.017328