TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities

by   Aakash Tyagi, et al.

The increasing complexity of modern processors poses many challenges to existing hardware verification tools and methodologies for detecting security-critical bugs. Recent attacks on processors have shown the fatal consequences of uncovering and exploiting hardware vulnerabilities. Fuzzing has emerged as a promising technique for detecting software vulnerabilities. Recently, a few hardware fuzzing techniques have been proposed. However, they suffer from several limitations, including non-applicability to commonly used Hardware Description Languages (HDLs) like Verilog and VHDL, the need for significant human intervention, and inability to capture many intrinsic hardware behaviors, such as signal transitions and floating wires. In this paper, we present the design and implementation of a novel hardware fuzzer, TheHuzz, that overcomes the aforementioned limitations and significantly improves the state of the art. We analyze the intrinsic behaviors of hardware designs in HDLs and then measure the coverage metrics that model such behaviors. TheHuzz generates assembly-level instructions to increase the desired coverage values, thereby finding many hardware bugs that are exploitable from software. We evaluate TheHuzz on four popular open-source processors and achieve 1.98x and 3.33x the speed compared to the industry-standard random regression approach and the state-of-the-art hardware fuzzer, DiffuzRTL, respectively. Using TheHuzz, we detected 11 bugs in these processors, including 8 new vulnerabilities, and we demonstrate exploits using the detected bugs. We also show that TheHuzz overcomes the limitations of formal verification tools from the semiconductor industry by comparing its findings to those discovered by the Cadence JasperGold tool.



page 1

page 2

page 3

page 4


When a Patch is Not Enough - HardFails: Software-Exploitable Hardware Bugs

In this paper, we take a deep dive into microarchitectural security from...

Real time Detection of Spectre and Meltdown Attacks Using Machine Learning

Recently discovered Spectre and meltdown attacks affects almost all proc...

μAFL: Non-intrusive Feedback-driven Fuzzing for Microcontroller Firmware

Fuzzing is one of the most effective approaches to finding software flaw...

Fuzzing Hardware Like Software

Hardware flaws are permanent and potent: hardware cannot be patched once...

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer

JavaScript (JS) engine vulnerabilities pose significant security threats...

Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing

As an infrastructure for data persistence and analysis, Database Managem...

Software-Hardware Evolution and birth of Multicore Processors

This paper presents a brief journey to the evolution of computer hardwar...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.