Vulnerability detection in SIoT applications: a fuzzing method on their binaries

Xiaogang Zhu, Sheng Wen, Alireza Jolfaei, Mohammad Sayadhaghighi, Seyit Camtepe, Yang Xiang

Research output: Contribution to journal, Article, peer-review

Abstract

The Social Internet of Things (SIoT) enables devices to communicate with each other automatically, which is not reliable when the applications in SIoT are vulnerable. To improve the security of SIoT, different techniques have been employed so far, mainly to detect vulnerabilities in SIoT applications. Among the detection techniques, fuzzing is one of the most effective and can significantly improve the security of SIoT applications. However, the existing fuzzing methods have three problems. First, the schemes used to instrument target binaries cause high memory overhead because they instrument every edge to obtain coverage information. Second, they introduce a severe problem called edge collision, i.e., two different edges are deemed the same during fuzzing. Third, none of the existing fuzzers conduct fuzzing using path coverage, because path coverage has high memory overhead. In this paper, we propose BECFuzz to resolve the above three problems. BECFuzz instruments only at specific edges and conducts fuzzing based on both edge coverage and path coverage, which greatly improves its effectiveness. We implement BECFuzz on top of two typical fuzzers that are widely recognised as baselines, AFL and AFLFast, and run experiments on 18 real-world programs. The results demonstrate that our method outperforms the state-of-the-art fuzzers.
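To make the edge-collision problem concrete, the following is an added illustration (not code from the paper or from BECFuzz) that simulates an AFL-style coverage map: each edge is identified as cur_id ^ (prev_id >> 1) and folded into a fixed-size bitmap, so two distinct edges can land in the same slot and an edge-only fuzzer discards the second input as "nothing new", whereas a path-coverage signature still tells them apart. The block ids, the 8-slot map size and the traces are constructed values chosen to force a collision.

```python
import hashlib

# Constructed block ids for a toy program (a real instrumenter assigns random
# ids at compile time). The values are picked so that two distinct edges collide.
BLOCK_IDS = {"A": 2, "B": 4, "C": 7, "D": 6}
MAP_SIZE = 8  # deliberately tiny coverage map; AFL's default is 65536 slots

def edge_slot(prev_block, cur_block):
    """AFL-style edge identifier: cur_id ^ (prev_id >> 1), folded into the map."""
    prev_id, cur_id = BLOCK_IDS[prev_block], BLOCK_IDS[cur_block]
    return (cur_id ^ (prev_id >> 1)) % MAP_SIZE

def edge_coverage(trace):
    """Set of map slots touched by one executed trace (hit counts ignored)."""
    return {edge_slot(p, c) for p, c in zip(trace, trace[1:])}

def path_signature(trace):
    """Path coverage: one hash over the whole ordered sequence of blocks."""
    return hashlib.sha256("->".join(trace).encode()).hexdigest()

def find_collisions(traces):
    """Map slot -> set of distinct edges that fold into it (only slots with >1)."""
    by_slot = {}
    for trace in traces:
        for edge in zip(trace, trace[1:]):
            by_slot.setdefault(edge_slot(*edge), set()).add(edge)
    return {slot: edges for slot, edges in by_slot.items() if len(edges) > 1}

def triage(traces):
    """Which traces an edge-only fuzzer keeps vs. one that also tracks paths."""
    seen_edges, seen_paths = set(), set()
    kept_by_edge, kept_by_path = [], []
    for trace in traces:
        cov = edge_coverage(trace)
        if not cov <= seen_edges:        # any slot not seen before counts as new
            kept_by_edge.append(trace)
            seen_edges |= cov
        sig = path_signature(trace)
        if sig not in seen_paths:        # a new block sequence is always new
            kept_by_path.append(trace)
            seen_paths.add(sig)
    return kept_by_edge, kept_by_path

if __name__ == "__main__":
    runs = [["A", "B"], ["C", "D"], ["B", "D"]]
    print("colliding slots:", find_collisions(runs))
    print("kept by edge coverage:", triage(runs)[0])
    print("kept by path coverage:", triage(runs)[1])
```

With these ids, the edges A->B and C->D both fold to slot 5, so the edge-only fuzzer drops the second trace while the path signature keeps it.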

Original language: English
Journal: IEEE Transactions on Network Science and Engineering
DOIs:
Publication status: E-pub ahead of print - 16 Nov 2020

Keywords

  • Computer bugs
  • Edge Coverage
  • Fuzzing
  • Image edge detection
  • Instruments
  • Internet of Things
  • IoT Applications
  • Path Coverage
  • Security
  • Social Internet of Things
  • Static analysis
