ARM-AFL: Coverage-Guided Fuzzing Framework for ARM-Based IoT Devices

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12418)

Abstract

With the proliferation of IoT devices, an increasing number of attack surfaces are exposed to malicious hackers. Discovering vulnerabilities in IoT devices and patching them is imperative. However, there is a lack of effective tools to help IoT developers discover vulnerabilities in their code. Fuzzing is an effective and widely used technique to discover software vulnerabilities in general-purpose computers. In this paper, we present ARM-AFL, an effective, coverage-guided fuzzing framework for ARM-based IoT devices. ARM-AFL instruments software during compilation and runs fuzzing directly on IoT devices. This addresses compatibility issues in user-mode emulation and provides higher throughput than full-system emulation. We also design a light-weight heap memory corruption detector (lwHMCD), which is able to detect three kinds of silent heap memory corruptions. By combining ARM-AFL and lwHMCD, IoT developers can discover vulnerabilities before an attacker does.
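To make the idea of a light-weight, on-device heap corruption detector concrete, here is an added illustration (not the paper's lwHMCD, whose design this page does not give): a canary-based allocator wrapper that reports, at free time, three kinds of silent corruption that would otherwise go unnoticed without a full sanitizer. The wrapper names, the redzone layout and the choice of these three categories are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of a canary-based heap corruption detector.
 * It is NOT the paper's lwHMCD; the abstract does not describe that design. */
#define CANARY      0xC0DEC0DEC0DEC0DEull   /* live-block marker */
#define FREED_MAGIC 0xFEEDFACEFEEDFACEull   /* quarantined-block marker */
#define REDZONE     8                       /* guard bytes after the user area */
#define RZ_BYTE     0xAB

typedef struct { size_t size; uint64_t magic; } hdr_t;  /* sits right before user data */

enum { HEAP_OK = 0, HEAP_OVERFLOW, HEAP_DOUBLE_FREE, HEAP_HDR_SMASHED };

void *guarded_malloc(size_t n) {
    hdr_t *h = malloc(sizeof(hdr_t) + n + REDZONE);
    if (!h) return NULL;
    h->size = n;
    h->magic = CANARY;
    unsigned char *user = (unsigned char *)(h + 1);
    memset(user + n, RZ_BYTE, REDZONE);          /* paint the trailing redzone */
    return user;
}

/* Checks run at free time, i.e. after a silent corruption has already happened. */
int guarded_free(void *p) {
    if (!p) return HEAP_OK;
    hdr_t *h = (hdr_t *)p - 1;
    if (h->magic == FREED_MAGIC) return HEAP_DOUBLE_FREE;
    if (h->magic != CANARY) return HEAP_HDR_SMASHED;    /* underflow or wild pointer */
    unsigned char *rz = (unsigned char *)p + h->size;
    for (int i = 0; i < REDZONE; i++)
        if (rz[i] != RZ_BYTE) return HEAP_OVERFLOW;     /* bytes written past the end */
    memset(p, 0xFD, h->size);   /* poison so stale reads return visible garbage */
    h->magic = FREED_MAGIC;     /* quarantine instead of a real free, so a re-free is caught */
    return HEAP_OK;
}

/* Self-checks, one per detector path; each returns guarded_free's verdict.
 * The bad writes stay inside the wrapper's own allocation, so they corrupt only
 * the canary/redzone, which is exactly what the detector is meant to notice. */
int check_clean(void)       { char *p = guarded_malloc(16); if (!p) return -1; memcpy(p, "hello", 6); return guarded_free(p); }
int check_overflow(void)    { char *p = guarded_malloc(16); if (!p) return -1; memset(p, 'A', 16 + 3); return guarded_free(p); }
int check_double_free(void) { char *p = guarded_malloc(8);  if (!p) return -1; guarded_free(p); return guarded_free(p); }
int check_underflow(void)   { char *p = guarded_malloc(8);  if (!p) return -1; p[-1] = 0; return guarded_free(p); }
```

In a fuzzing harness the verdict would be turned into an abort() so the fuzzer records the input as a crash; returning a code here keeps the detector testable.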

Corresponding author: Rong Fan.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Fan, R., Pan, J., Huang, S. (2020). ARM-AFL: Coverage-Guided Fuzzing Framework for ARM-Based IoT Devices. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2020. Lecture Notes in Computer Science(), vol 12418. Springer, Cham. https://doi.org/10.1007/978-3-030-61638-0_14

  • DOI: https://doi.org/10.1007/978-3-030-61638-0_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-61637-3

  • Online ISBN: 978-3-030-61638-0
