MABFuzz: Multi-Armed Bandit Algorithms for Fuzzing Processors.
CoRR (2023)
Abstract
As the complexities of processors keep increasing, the task of effectively
verifying their integrity and security becomes ever more daunting. The
intricate web of instructions, microarchitectural features, and
interdependencies woven into modern processors poses a formidable challenge for
even the most diligent verification and security engineers. To tackle this
growing concern, recently, researchers have developed fuzzing techniques
explicitly tailored for hardware processors. However, a prevailing issue with
these hardware fuzzers is their heavy reliance on static strategies to make
decisions in their algorithms. To address this problem, we develop a novel
dynamic and adaptive decision-making framework, MABFuzz, that uses multi-armed
bandit (MAB) algorithms to fuzz processors. MABFuzz is agnostic to, and hence,
applicable to, any existing hardware fuzzer. In the process of designing
MABFuzz, we encounter challenges related to the compatibility of MAB algorithms
with fuzzers and maximizing their efficacy for fuzzing. We overcome these
challenges by modifying the fuzzing process and tailoring MAB algorithms to
accommodate special requirements for hardware fuzzing.
We integrate three widely used MAB algorithms in a state-of-the-art hardware
fuzzer and evaluate them on three popular RISC-V-based processors. Experimental
results demonstrate the ability of MABFuzz to cover a broader spectrum of
processors' intricate landscapes and to do so with remarkable efficiency. In
particular, MABFuzz achieves up to 308x speedup in detecting vulnerabilities
and up to 5x speedup in achieving coverage compared to a state-of-the-art
technique.