Synthesized corpora to evaluate fuzzing for green internet of things programs

Xiaogang Zhu*, Sheng Wen, Alireza Jolfaei, Seyit Camtepe, Yang Xiang

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

IoT devices usually have resource limitations and are prone to compromise. They are not well equipped with extra controls to promote their security. Green IoT (GIoT) devices are even more conservative in spending their resources. An effective way of promoting GIoT security at a low cost is removing program vulnerabilities. Fuzzing is a promising technique that exposes bugs in IoT programs. To evaluate a fuzzer performance, we make it run the test programs from some corpora to show its ability in detecting bugs. However, the contexts of bugs are not provided by the existing corpora, which may mislead the evaluation. Due to the complex logic of real-world programs, especially the GIoT ones, it is hard to obtain the bugs context. In this research, we propose to synthesize programs based on road-rock features that protect bugs from being exposed. Accordingly, we design a framework to generate a corpora that provide us with the contexts of bugs for more comprehensive fuzzing evaluation. As a case study, we evaluate AFL and AFLFast by using the synthesized corpora. The results show that AFLFast has the weakness of cycle explosion, which prevents fuzzing from examining more test cases. We developed AFLFast+ to overcome this issue.

Original languageEnglish
Pages (from-to)1041-1050
Number of pages10
JournalIEEE Transactions on Green Communications and Networking
Volume5
Issue number3
Early online date24 Mar 2021
DOIs
Publication statusPublished - Sept 2021

Keywords

  • Internet
  • security
  • program interpreters
  • software performance
  • green Internet of Things
  • vulnerability analysis
  • fuzzing
  • synthetic corpora
  • performance evaluation

Fingerprint

Dive into the research topics of 'Synthesized corpora to evaluate fuzzing for green internet of things programs'. Together they form a unique fingerprint.

Cite this