Search Icon
Register

ReFuzz: Reusing Tests for Processor Fuzzing with Contextual Bandits

Chen Chen (Texas A&M University), Zaiyan Xu (Texas A&M University), Mohamadreza Rostami (Technical University of Darmstadt), David Liu (Texas A & M University), Dileep Kalathil (TAMU), Ahmad-Reza Sadeghi (TU Darmstadt), Jeyavijayan Rajendran (TAMU)

Processor designs rely on iterative modifications and reuse well-established designs. However, this reuse of prior designs also leads to similar vulnerabilities across multiple processors. As processors grow increasingly complex with iterative modifications, efficiently detecting vulnerabilities from modern processors is critical. Inspired by software fuzzing, hardware fuzzing has recently demonstrated its effectiveness in detecting processor vulnerabilities. Yet, to our best knowledge, existing processor fuzzers fuzz each design individually, lacking the capability to understand known vulnerabilities in prior processors to fine-tune fuzzing to identify similar or new variants of vulnerabilities.

To address this gap, we present *ReFuzz*, an adaptive fuzzing framework that leverages contextual bandit to reuse highly effective tests from prior processors to fuzz a processor-under-test (PUT) within a given ISA. By intelligently mutating tests that trigger vulnerabilities in prior processors, ReFuzz detects similar and new variants of vulnerabilities in PUTs. *ReFuzz* uncovered three new security vulnerabilities and two new functional bugs. *ReFuzz* detected one vulnerability by reusing a test that triggers a known vulnerability in a prior processor. One functional bug exists across three processors that share design modules. The second bug has two variants. Additionally, *ReFuzz* reuses highly effective tests to enhance efficiency in coverage, achieving an average $511.23times{}$ coverage speedup and up to $9.33%$ more total coverage, compared to existing fuzzers.

Paper

View More Papers

Cache Me, Catch You: Cache Related Security Threats in...

XiangFan Wu (Ocean University of China; QI-ANXIN Technology Research Institute), Lingyun Ying (QI-ANXIN Technology Research Institute), Guoqiang Chen (QI-ANXIN Technology Research Institute), Yacong Gu (Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS), Haipeng Qu (Department of Computer Science and Technology, Ocean University of China)

Read More

EXIA: Trusted Transitions for Enclaves via External-Input Attestation

Zhen Huang (Shanghai Jiao Tong University), Yidi Kao (Auburn University), Sanchuan Chen (Auburn University), Guoxing Chen (Shanghai Jiao Tong University), Yan Meng (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University)

Read More

Targeted Password Guessing Using k-Nearest Neighbors

Zhen Li (Nankai University), Ding Wang (Nankai University)

Read More