
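@comment{ Author names are stored as "Last, First" joined with " and " so
  BibTeX splits the three authors correctly (the original comma-separated
  list parsed as a single mangled name). The product name PS-Fuzz is
  brace-protected in the title so sentence-casing styles keep its case.
  The curly apostrophe in the abstract is replaced with ASCII for classic
  (8-bit) BibTeX compatibility. Citation key kept unchanged. }
@article{jai.2021.017328,
  author   = {Li, Xiaoyi and Pan, Xiaojun and Sun, Yanbin},
  title    = {{PS-Fuzz}: Efficient Graybox Firmware Fuzzing Based on Protocol State},
  journal  = {Journal on Artificial Intelligence},
  volume   = {3},
  number   = {1},
  pages    = {21--31},
  year     = {2021},
  issn     = {2579-003X},
  doi      = {10.32604/jai.2021.017328},
  url      = {http://www.techscience.com/jai/v3n1/42098},
  abstract = {The rise of the Internet of Things (IoT) exposes more and more
important embedded devices to the network, which poses a serious threat to
people's lives and property. Therefore, ensuring the safety of embedded devices
is a very important task. Fuzzing is currently the most effective technique for
discovering vulnerabilities. In this work, we proposed PS-Fuzz (Protocol State
Fuzz), a gray-box fuzzing technique based on protocol state orientation. By
instrumenting the program that handles protocol fields in the firmware, the
problem of lack of guidance information in common protocol fuzzing is solved.
By recording and comparing state transition paths, the program can be quickly
booted, thereby greatly improving the efficiency of fuzzing. More importantly, the
tool utilizes the synchronous execution of the firmware simulator and the firmware
program, which can collect and record system information in the event of a crash
from multiple dimensions, providing assistance for further research. Our
evaluation results show that for the same vulnerability, the efficiency of PS-Fuzz
is about 8 times that of boofuzz under ideal conditions. Even rough
instrumentation efficiency can reach 2 times that of boofuzz. In addition, PS-Fuzz
can provide at least 6 items more information than boofuzz under the same
circumstances.},
}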



