Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

PHI: Pseudo-HAL Identification for Scalable Firmware Fuzzing

Full metadata record
DC Field Value Language
dc.contributor.authorJeong, Seyeon-
dc.contributor.authorHwang, Eunbi-
dc.contributor.authorCho, Yeongpil-
dc.contributor.authorKwon, Taekyoung-
dc.date.accessioned2024-05-19T23:00:23Z-
dc.date.available2024-05-19T23:00:23Z-
dc.date.issued2024-03-
dc.identifier.issn0302-9743-
dc.identifier.issn1611-3349-
dc.identifier.urihttps://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/194740-
dc.description.abstractFirmware fuzzing aims to detect vulnerabilities in firmware by emulating peripherals at different levels: hardware, register, and function. HAL-Fuzz, which emulates peripherals through HAL function handling, is a remarkable firmware fuzzer. However, its effectiveness is confined to firmware solely relying on HAL functions, and it necessitates intricate firmware information for best outcomes, thereby limiting its target firmware range. Notably, in commercial firmware, both HAL and non-HAL (which we call “pseudo-HAL”) functions are prevalent. Identifying and addressing both is crucial for comprehensive peripheral control in fuzzing. In this paper, we present PHI, a tool designed to identify HAL and pseudo-HAL functions at the register-level. Using PHI, we develop PHI-Fuzz, an enhanced firmware fuzzer operating at the function-level. This fuzzer efficiently manages HAL and pseudo-HAL functions, demanding minimal prior knowledge yet delivering substantial results. Our evaluation demonstrates that PHI identifies HAL functions accessing the MMIO range as effectively as LibMatch of HAL-Fuzz, while overcoming its constraints in detecting pseudo-HAL functions. Significantly, when benchmarked against HAL-Fuzz, PHI-Fuzz showcases superior bug-finding capabilities, uncovering crashes that HAL-Fuzz missed.-
dc.format.extent21-
dc.language영어-
dc.language.isoENG-
dc.publisherSpringer Verlag-
dc.titlePHI: Pseudo-HAL Identification for Scalable Firmware Fuzzing-
dc.typeArticle-
dc.publisher.location미국-
dc.identifier.doi10.1007/978-981-97-1238-0_4-
dc.identifier.scopusid2-s2.0-85189303246-
dc.identifier.wosid001209294600004-
dc.identifier.bibliographicCitationLecture Notes in Computer Science, v.14562 LNCS, pp 60 - 80-
dc.citation.titleLecture Notes in Computer Science-
dc.citation.volume14562 LNCS-
dc.citation.startPage60-
dc.citation.endPage80-
dc.type.docTypeProceedings Paper-
dc.description.isOpenAccessN-
dc.description.journalRegisteredClassscopus-
dc.relation.journalResearchAreaComputer Science-
dc.relation.journalResearchAreaMathematics-
dc.relation.journalWebOfScienceCategoryComputer Science, Information Systems-
dc.relation.journalWebOfScienceCategoryComputer Science, Theory & Methods-
dc.relation.journalWebOfScienceCategoryMathematics, Applied-
dc.subject.keywordPlusBug finding-
dc.subject.keywordPlusFunctions level-
dc.subject.keywordPlusFuzzing-
dc.subject.keywordPlusHardware Abstraction Layers-
dc.subject.keywordPlusPeripheral control-
dc.subject.keywordPlusPrior-knowledge-
dc.subject.keywordPlusSecurity-
dc.subject.keywordAuthorFirmware-
dc.subject.keywordAuthorFuzzing-
dc.subject.keywordAuthorHardware Abstraction Layer-
dc.subject.keywordAuthorSecurity-
dc.identifier.urlhttps://link.springer.com/chapter/10.1007/978-981-97-1238-0_4-
Files in This Item
Go to Link
Appears in
Collections
서울 공과대학 > 서울 컴퓨터소프트웨어학부 > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Cho, Yeong pil photo

Cho, Yeong pil
COLLEGE OF ENGINEERING (SCHOOL OF COMPUTER SCIENCE)
Read more

Altmetrics

Total Views & Downloads

BROWSE