Abstract
With the proliferation of IoT devices, an increasing number of attack surfaces are exposed to malicious hackers. Discovering vulnerabilities in IoT devices and patching them is imperative. However, there is a lack of effective tools to help IoT developers discover vulnerabilities in their code. Fuzzing is an effective and widely used technique to discover software vulnerabilities in general-purpose computers. In this paper, we present ARM-AFL, an effective, coverage-guided fuzzing framework for ARM-based IoT devices. ARM-AFL instruments software during compilation and runs fuzzing directly on IoT devices. This addresses compatibility issues in user-mode emulation and provides higher throughput than full-system emulation. We also design a light-weight heap memory corruption detector (lwHMCD), which is able to detect three kinds of silent heap memory corruptions. By combining ARM-AFL and lwHMCD, IoT developers can discover vulnerabilities before an attacker does.
Author supplied keywords
Cite
CITATION STYLE
Fan, R., Pan, J., & Huang, S. (2020). ARM-AFL: Coverage-guided fuzzing framework for ARM-based IoT devices. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12418 LNCS, pp. 239–254). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-61638-0_14
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
