IFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware

Peiyu Liu, Shouling Ji, Xuhong Zhang, Qinming Dai, Kangjie Lu, Lirong Fu, Wenzhi Chen, Peng Cheng, Wenhai Wang, Raheem Beyah

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Scopus citations

Abstract

IoT devices are abnormally prone to diverse errors due to harsh environments and limited computational capabilities. As a result, correct error handling is critical in IoT. Implementing correct error handling is non-trivial, thus requiring extensive testing such as fuzzing. However, existing fuzzing cannot effectively test IoT error-handling code. First, errors typically represent corner cases and are therefore hard to trigger. Second, testing error-handling code frequently crashes the execution, which prevents fuzzing from reaching the deep error paths that follow. In this paper, we propose IFIZZ, a new bug detection system specifically designed for testing error-handling code in Linux-based IoT firmware. IFIZZ first employs an automated binary-based approach to identify realistic runtime errors by analyzing errors and error conditions in closed-source IoT firmware. Then, IFIZZ employs state-aware and bounded error generation to reach deep error paths effectively. We implement and evaluate IFIZZ on 10 popular IoT firmware images. The results show that IFIZZ can find many bugs hidden in deep error paths. Specifically, IFIZZ finds 109 critical bugs, 63 of which are in widely used IoT libraries. IFIZZ also features high code coverage and efficiency, and covers 67.3% more error paths than normal execution. Meanwhile, the depth of error handling covered by IFIZZ is 7.3 times deeper than that covered by the state-of-the-art method. Furthermore, IFIZZ has been practically adopted and deployed in a worldwide leading IoT company. We will open-source IFIZZ to facilitate further research in this area.

Original language: English (US)
Title of host publication: Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 805-816
Number of pages: 12
ISBN (Electronic): 9781665403375
DOIs
State: Published - 2021
Event: 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 - Virtual, Online, Australia
Duration: Nov 15 2021 to Nov 19 2021

Publication series

Name: Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

Conference

Conference: 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
Country/Territory: Australia
City: Virtual, Online
Period: 11/15/21 to 11/19/21

Bibliographical note

Funding Information:
This work was partly supported by NSFC under No. U1936215, the Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars under No. LR19F020003, the Fundamental Research Funds for the Central Universities (Zhejiang University NGICS Platform), the National Key Research and Development Program of China under Grant No. 2020AAA0140004, and Alibaba-Zhejiang University Joint Research Institute of Frontier Technologies.

Publisher Copyright:
© 2021 IEEE.
