Title: Tardis: Coverage-Guided Embedded Operating System Fuzzing

Abstract: Embedded operating systems (Embedded OSs) are extensively deployed in many mission-critical industrial scenarios, and any defect within these systems may result in unacceptable losses. It is therefore imperative to develop tools that detect bugs within Embedded OSs, thus minimizing potential impacts on industrial infrastructure. Coverage-guided fuzzing is a vulnerability detection technique that has found numerous real-world vulnerabilities in both application programs and kernels. However, state-of-the-art kernel fuzzers, e.g., Syzkaller, mainly target general-purpose operating systems such as Linux, macOS, and Windows, whereas support for Embedded OSs is mostly lacking. In this article, we propose Tardis, the first Embedded OS fuzzer capable of testing a wide selection of Embedded OSs while leveraging coverage feedback. Tardis conducts OS-agnostic code coverage collection and analysis, allowing developers and testers to test a wide range of Embedded OSs without significant manual effort. We implemented and evaluated Tardis on several well-known Embedded OSs, such as UC/OS and FreeRTOS, and Tardis successfully fuzzed these kernels without significant adaptation effort. By leveraging coverage feedback, Tardis covers on average 51.32% more branches than black-box fuzzing on the respective Embedded OSs over 24 h. Tardis also found 17 previously unknown bugs in the target Embedded OSs.
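The abstract's central claim is that coverage feedback reaches branches black-box fuzzing misses. The following is an added illustration of that mechanism, not code from the paper or from Tardis: a constructed toy target (a hypothetical handler that checks an 8-byte key, `TARDISOS`, one byte at a time) with a simulated coverage bitmap (`cov_hit`, `cov_map`), a black-box fuzzer that feeds it random inputs, and a coverage-guided fuzzer that keeps any mutant which lights up a new branch. Tardis's own coverage collection and mutation strategy are not modelled; the deterministic byte-substitution stage and the PRNG are assumptions chosen so the run is reproducible.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy target (hypothetical; not Tardis's code): a "syscall
 * handler" whose deep path is reached only when all KEY_LEN input bytes
 * match the key. Branch i is reachable only after bytes 0..i-1 match. */
#define KEY_LEN 8
static const char KEY[] = "TARDISOS";

/* Coverage bitmap, one flag per branch id, filled by the target's
 * simulated instrumentation. cov_hit() stands in for whatever a real
 * fuzzer uses to observe branches; it is an assumption of this example. */
static uint8_t cov_map[KEY_LEN + 1];

static void cov_hit(unsigned id) {
    if (id <= KEY_LEN) cov_map[id] = 1;
}

static unsigned cov_count(void) {
    unsigned n = 0;
    for (unsigned i = 0; i <= KEY_LEN; i++) n += cov_map[i];
    return n;
}

static void target(const uint8_t *in) {
    cov_hit(0);                           /* entry branch */
    for (unsigned i = 0; i < KEY_LEN; i++) {
        if (in[i] != (uint8_t)KEY[i]) return;
        cov_hit(i + 1);                   /* branch i passed */
    }
    /* all bytes matched: the deep path where a real bug would hide */
}

/* xorshift32 with a fixed seed so the comparison is reproducible. */
static uint32_t rng_state = 0x1234567u;
static uint32_t rng(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Black-box fuzzing: random inputs, no feedback. Returns branches covered. */
unsigned fuzz_blackbox(unsigned execs) {
    uint8_t in[KEY_LEN];
    memset(cov_map, 0, sizeof cov_map);
    for (unsigned n = 0; n < execs; n++) {
        for (unsigned i = 0; i < KEY_LEN; i++) in[i] = (uint8_t)rng();
        target(in);
    }
    return cov_count();
}

/* Coverage-guided fuzzing: keep one best input, mutate it with a
 * deterministic byte-substitution stage, and adopt any mutant that
 * reaches a branch not seen before. Returns branches covered. */
unsigned fuzz_coverage_guided(unsigned max_execs) {
    uint8_t seed[KEY_LEN] = {0}, cand[KEY_LEN];
    unsigned execs = 0, best, progress = 1;
    memset(cov_map, 0, sizeof cov_map);
    target(seed); execs++;
    best = cov_count();
    while (progress && execs < max_execs) {
        progress = 0;
        for (unsigned pos = 0; pos < KEY_LEN && !progress; pos++) {
            for (unsigned v = 0; v < 256 && !progress; v++) {
                memcpy(cand, seed, KEY_LEN);
                cand[pos] = (uint8_t)v;
                target(cand);
                if (++execs >= max_execs) return cov_count();
                if (cov_count() > best) {       /* new branch: keep mutant */
                    best = cov_count();
                    memcpy(seed, cand, KEY_LEN);
                    progress = 1;
                }
            }
        }
    }
    return best;
}

int main(void) {
    unsigned b = fuzz_blackbox(20000);
    unsigned g = fuzz_coverage_guided(20000);
    printf("black-box: %u/%u branches, coverage-guided: %u/%u branches\n",
           b, KEY_LEN + 1, g, KEY_LEN + 1);
    return 0;
}
```

With the same execution budget the black-box run stalls after the first byte or two (each further byte is a 1-in-256 chance multiplied by every byte before it), while the coverage-guided run solves the chain one byte per round, because a single new branch is enough to tell it which mutant to keep. Real embedded kernels are not magic-byte chains, but nested state checks in syscall handlers, drivers and IPC paths behave the same way, which is why the abstract reports a large branch-coverage gain over black-box testing.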
Year: 2022
DOI: 10.1109/TCAD.2022.3198910
Venue: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Keywords: Embedded operating system (Embedded OSs), fuzz testing, vulnerability detection
DocType: Journal
Volume: 41
Issue: 11
ISSN: 0278-0070
Citations: 0
PageRank: 0.34
References: 12
Authors: 8

Name         | Order | Citations | PageRank
Yuheng Shen  | 1     | 0         | 0.34
Yiru Xu      | 2     | 0         | 0.34
Hao Sun      | 3     | 0         | 0.34
Jianzhong Liu| 4     | 0         | 0.34
Zichen Xu    | 5     | 0         | 0.68
Aiguo Cui    | 6     | 0         | 0.34
Heyuan Shi   | 7     | 0         | 0.34
Yu Jiang     | 8     | 34656.49 (citations and PageRank fused in the source record)