Abstract
IoT devices usually have resource limitations and are prone to compromise. They are not well equipped with extra controls to promote their security. Green IoT (GIoT) devices are even more conservative in spending their resources. An effective way of promoting GIoT security at a low cost is removing program vulnerabilities. Fuzzing is a promising technique that exposes bugs in IoT programs. To evaluate a fuzzer performance, we make it run the test programs from some corpora to show its ability in detecting bugs. However, the contexts of bugs are not provided by the existing corpora, which may mislead the evaluation. Due to the complex logic of real-world programs, especially the GIoT ones, it is hard to obtain the bugs context. In this research, we propose to synthesize programs based on road-rock features that protect bugs from being exposed. Accordingly, we design a framework to generate a corpora that provide us with the contexts of bugs for more comprehensive fuzzing evaluation. As a case study, we evaluate AFL and AFLFast by using the synthesized corpora. The results show that AFLFast has the weakness of cycle explosion, which prevents fuzzing from examining more test cases. We developed AFLFast+ to overcome this issue.
| Original language | English |
|---|---|
| Pages (from-to) | 1041-1050 |
| Number of pages | 10 |
| Journal | IEEE Transactions on Green Communications and Networking |
| Volume | 5 |
| Issue number | 3 |
| DOIs | |
| Publication status | Published - Sep 2021 |
| Externally published | Yes |
Keywords
- fuzzing
- green Internet of Things
- Internet
- performance evaluation
- program interpreters
- security
- software performance
- synthetic corpora
- vulnerability analysis