Hybrid Hardware Fuzzer, Combining Capabilities of Formal Verification Methods And Fuzzing Tools


A new technical paper titled “HyPFuzz: Formal-Assisted Processor Fuzzing” was published by researchers at Texas A&M University and Technische Universität Darmstadt.

“Recent research has shown that hardware fuzzers can effectively detect security vulnerabilities in modern processors. However, existing hardware fuzzers do not fuzz well the hard-to-reach design spaces. Consequently, these fuzzers cannot effectively fuzz security-critical control- and data-flow logic in the processors, hence missing security vulnerabilities. To tackle this challenge, we present HyPFuzz, a hybrid fuzzer that leverages formal verification tools to help fuzz the hard-to-reach part of the processors. To increase the effectiveness of HyPFuzz, we perform optimizations in time and space. First, we develop a scheduling strategy to prevent under- or over-utilization of the capabilities of formal tools and fuzzers. Second, we develop heuristic strategies to select points in the design space for the formal tool to target. We evaluate HyPFuzz on five widely-used open-source processors. HyPFuzz detected all the vulnerabilities detected by the most recent processor fuzzer and found three new vulnerabilities that were missed by previous extensive fuzzing and formal verification. This led to two new common vulnerabilities and exposures (CVE) entries. HyPFuzz also achieves 11.68× faster coverage than the most recent processor fuzzer.”

Find the technical paper here. Published April 2023.

Chen, Chen, Rahul Kande, Nathan Nyugen, Flemming Andersen, Aakash Tyagi, Ahmad-Reza Sadeghi, and Jeyavijayan Rajendran. “HyPFuzz: Formal-Assisted Processor Fuzzing.” arXiv preprint arXiv:2304.02485 (2023).

Related Reading
Click here for more security papers.

Leave a Reply

(Note: This name will be displayed publicly)