@Article{jai.2021.017328, AUTHOR = {Xiaoyi Li, Xiaojun Pan, Yanbin Sun}, TITLE = {PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State}, JOURNAL = {Journal on Artificial Intelligence}, VOLUME = {3}, YEAR = {2021}, NUMBER = {1}, PAGES = {21--31}, URL = {http://www.techscience.com/jai/v3n1/42098}, ISSN = {2579-003X}, ABSTRACT = {The rise of the Internet of Things (IoT) exposes more and more important embedded devices to the network, which poses a serious threat to people’s lives and property. Therefore, ensuring the safety of embedded devices is a very important task. Fuzzing is currently the most effective technique for discovering vulnerabilities. In this work, we proposed PS-Fuzz (Protocol State Fuzz), a gray-box fuzzing technique based on protocol state orientation. By instrumenting the program that handles protocol fields in the firmware, the problem of lack of guidance information in common protocol fuzzing is solved. By recording and comparing state transition paths, the program can be quickly booted, thereby greatly improving the efficiency of fuzzing. More importantly, the tool utilizes the synchronous execution of the firmware simulator and the firmware program, which can collect and record system information in the event of a crash from multiple dimensions, providing assistance for further research. Our evaluation results show that for the same vulnerability, the efficiency of PS-Fuzz is about 8 times that of boofuzz under ideal conditions. Even rough instrumentation efficiency can reach 2 times that of boofuzz. In addition, PS-Fuzz can provide at least 6 items more information than boofuzz under the same circumstances.}, DOI = {10.32604/jai.2021.017328} }