Fuzzing of Embedded Systems: A Survey-Reference-Cited by-同舟云学术

Fuzzing of Embedded Systems: A Survey

Published:2022-12-15 Issue:7 Volume:55 Page:1-33
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Yun Joobeom¹^ORCID,Rustamov Fayozbek¹^ORCID,Kim Juhwan¹^ORCID,Shin Youngjoo²^ORCID

Affiliation:

1. Sejong University, Gwangjin-gu, Seoul, Republic of Korea

2. Korea University, Seongbuk-gu, Seoul, Republic of Korea

Abstract

Security attacks abuse software vulnerabilities of IoT devices; hence, detecting and eliminating these vulnerabilities immediately are crucial. Fuzzing is an efficient method to identify vulnerabilities automatically, and many publications have been released to date. However, fuzzing for embedded systems has not been studied extensively owing to various obstacles, such as multi-architecture support, crash detection difficulties, and limited resources. Thus, the article introduces fuzzing techniques for embedded systems and the fuzzing differences for desktop and embedded systems. Further, we collect state-of-the-art technologies, discuss their advantages and disadvantages, and classify embedded system fuzzing tools. Finally, future directions for fuzzing research of embedded systems are predicted and discussed.

Funder

Ministry of Science and ICT (MSIT), South Korea

Information Technology Research Center

Institute for Information and Communications Technology Planning and Evaluation

National Research Foundation of Korea

Ministry of Education

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3538644

Reference147 articles.

1. Yousra Aafer, Wei You, Yi Sun, Yu Shi, Xiangyu Zhang, and Heng Yin. 2021. Android SmartTVs Vulnerability discovery via \(Log-Guided\) fuzzing. In 30th USENIX Security Symposium (USENIX Security’21). 2759–2776.

2. Amazon. [n.d.]. Amazon Prime Air. Retrieved February 1 2022 from https://www.amazon.com/Amazon-Prime-Air/b?ie=UTF8&node=8037720011.

3. Amazon. [n.d.]. Google X-wing. Retrieved February 1 2022 from http:https://x.company/projects/wing/.

4. TinyOS-New Trends, Comparative Views, and Supported Sensing Applications: A Review

5. Erik Andersen. [n.d.]. uClibc. Retrieved June 10 2020 from https://www.uclibc.org/.

Cited by 11 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SHFuzz: Service handler-aware fuzzing for detecting multi-type vulnerabilities in embedded devices;Computers & Security;2024-03

2. HD-FUZZ: Hardware dependency-aware firmware fuzzing via hybrid MMIO modeling;Journal of Network and Computer Applications;2024-02

3. A Middleware to Improve Analysis Coverage in IoT Vulnerability Detection;2023 IEEE International Conference on Internet of Things and Intelligence Systems (IoTaIS);2023-11-28

4. Firmulti Fuzzer: Discovering Multi-process Vulnerabilities in IoT Devices with Full System Emulation and VMI;Proceedings of the 5th Workshop on CPS&IoT Security and Privacy;2023-11-26

5. The Human Side of Fuzzing: Challenges Faced by Developers during Fuzzing Activities;ACM Transactions on Software Engineering and Methodology;2023-11-23