Fuzz testing (“fuzzing”) is a widely used technique for discovering bugs, crashes, and security vulnerabilities in software. Fuzzing explores the input space of an application, guided by execution metrics such as code coverage. Fuzzing is well established and easy to deploy for regular user-level applications. However, fuzzing low-level code such as boot loaders, device firmware, embedded microcontroller code, and operating system drivers is much more challenging.
Virtual platforms (VPs), i.e., simulations of hardware, enable fuzzing of such hard-to-reach code. VPs provide ways to feed inputs directly to the embedded code, and they can measure code coverage and other metrics directly on the production binaries. The VP allows the user to detect fault conditions such as software accessing the wrong memory or hardware, or triggering unexpected exceptions and interrupts. It does not matter whether the fuzzed software runs bare metal or on a real-time operating system. When VPs are used to model future hardware, fuzzing can be performed in a “shift-left” mode, validating the software before the hardware arrives. From the perspective of a fuzzing tool, the VP running the embedded software looks like a user-level fuzzing target, allowing existing fuzzing tools to be reused without changes.
The presentation is given by Jakob Engblom, Director of the simulation technology ecosystem at Intel. Jakob has long studied virtual platforms and full-system simulation and is an expert in the field. The presentation will be conducted in English*.