Professional Documents
Culture Documents
Abstract:
With a growing number of embedded devices that create, transform and send
data autonomously at its core, the Internet-of-Things (IoT) is a reality in
different sectors such as manufacturing, healthcare or transportation. With
this expansion, the loT is becoming more present in critical environments,
where security is paramount. Infamous attacks such as Mirai have shown the
insecurity of the devices that power the loT, as well as the potential of such
large-scale attacks. Therefore, it is important to secure these embedded
systems that form the backbone of the IoT. However, the particular nature of
these devices and their resource constraints mean that the most cost-effective
manner of securing these devices is to secure them before they are deployed,
by minimizing the number of vulnerabilities they ship. To this end, fuzzing has
proved itself as a valuable technique for automated vulnerability finding where
specially crafted inputs are fed to programs in order to trigger vulnerabilities
and crash the system. In this survey, we link the world of embedded IoT
devices and fuzzing. For this end, we list the particularities of the embedded
world as far as security is concerned, we perform a literature review on fuzzing
techniques and proposals, studying their applicability to embedded lot devices
and, finally, we present future research directions by pointing out the gaps
identified in the review.
References:
1) SIoTFuzzer: fuzzing web interface in IoT firmware via stateful message
generation,Hangwei Zhang, Kai Lu, Xu Zhou, Qidi Yin, Pengfei Wang, Tai
Yue,Applied Sciences 11 (7), 3120, 2021