Towards high-performance full system fuzzing of IoT firmware
Supervisor(s): Fabian Franzen
Status: finished
Topic: Others
Author: Tobias Holl
Submission: 2022-05-16
Type of Thesis: Master's thesis
Description

Low security and wide availability make IoT devices tempting targets for attackers. To identify vulnerabilities in such devices automatically, before they can be exploited, fuzzing is frequently used. Fuzzing the firmware directly on the device has a number of drawbacks, so we typically resort to emulation. However, accurate emulation of the low-level components of a target system is slow; a significant share of the overhead comes from emulating the translation from virtual to physical addresses in software. Hardware-assisted virtualization allows this translation, in many cases, to be performed efficiently by the host's MMU. In this work, we design and implement a QEMU accelerator that employs hardware-assisted virtualization to speed up address translation in a cross-architecture setting, that is, where the guest architecture differs from the host's, and demonstrate the viability and usefulness of our approach on the SPEC CPU2017 benchmark. Using this accelerator, we construct a fuzzing framework that connects QEMU's system-mode emulation with AFL++ and achieves significant performance improvements over existing full-system fuzzers such as TriforceAFL.