Computer Science, 2025, Vol. 52, Issue 12: 9-17. doi: 10.11896/jsjkx.250400144

• Computer Software & Architecture •

AFL-VTest: Fuzzing Framework for Aerospace Embedded Software

WANG Shuai (1), HUANG Chen (2), JIANG Yunsong (2), XIAO Xi (1), WANG Guanlin (1), YU Tingting (2), XU Qizhen (3)

  1 Tsinghua Shenzhen International Graduate School, Shenzhen, Guangdong 518055, China
  2 Beijing Institute of Control Engineering, Beijing 100094, China
  3 Xiamen Software Supply Chain Security Public Technology Service Platform, Xiamen, Fujian 361000, China
  • Received: 2025-04-29  Revised: 2025-09-07  Online: 2025-12-15  Published: 2025-12-09
  • About the authors: WANG Shuai, born in 1997, postgraduate. His main research interest is fuzz testing.
    XIAO Xi, born in 1979, Ph.D, associate professor. His main research interests include AI security and network security.
  • Supported by: This work was supported by the Natural Science Foundation of Guangdong Province (2025A1515011946) and the Xiamen Software Supply Chain Security Public Technology Service Platform (3502Z20231042).

Abstract: The reliability of aerospace embedded software is a critical determinant of space mission success. Fuzzing has become the mainstream method for defect detection and vulnerability discovery, and has achieved significant success in the field of software security. Research on fuzzing methods for aerospace embedded software therefore matters both for the reliability of such software and for the progress of aerospace technology. This paper proposes AFL-VTest, a fuzz testing framework designed specifically for aerospace embedded software. It integrates a streamlined source-code instrumentation method, tailored to the limited memory resources of embedded targets, and a novel checksum-fixing algorithm that addresses the prevalence of checksum verification in embedded systems: without such repair, a mutated input is usually rejected at the checksum check before it reaches the code under test. Evaluation experiments on multiple sample programs and on real aerospace embedded software demonstrate the effectiveness of the proposed instrumentation method and checksum-fixing algorithm. AFL-VTest also uncovered three previously undetected defects in real aerospace embedded software projects, confirming the effectiveness and practical value of the proposed method in improving the safety and reliability of aerospace systems.
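The following is an added illustration, not code from the paper or from AFL-VTest, of why checksum verification blocks coverage-guided fuzzing and how a post-mutation checksum repair step restores it. The frame layout (sync byte, length, payload, CRC-16/CCITT-FALSE trailer), the single-bit mutator and the function names are assumptions chosen for this example; the page does not describe the paper's actual algorithm or the input formats of the aerospace targets.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame layout, an assumption for this example only (not the paper's
 * format): [sync 0xA5][payload length N][N payload bytes][CRC-16 big-endian].
 * The CRC covers every byte before the trailer. */
#define FRAME_SYNC  0xA5
#define MAX_PAYLOAD 60
#define MAX_FRAME   (2 + MAX_PAYLOAD + 2)

/* CRC-16/CCITT-FALSE: poly 0x1021, init 0xFFFF, no reflection, no final xor.
 * Check value for "123456789" is 0x29B1. */
uint16_t crc16_ccitt(const uint8_t *data, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(data[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Build a valid seed frame; returns the frame length, or 0 on an oversize payload. */
size_t frame_build(uint8_t *out, const uint8_t *payload, size_t n) {
    if (n > MAX_PAYLOAD) return 0;
    out[0] = FRAME_SYNC;
    out[1] = (uint8_t)n;
    memcpy(out + 2, payload, n);
    uint16_t crc = crc16_ccitt(out, n + 2);
    out[n + 2] = (uint8_t)(crc >> 8);
    out[n + 3] = (uint8_t)(crc & 0xFF);
    return n + 4;
}

/* Stand-in for the target's input gate: structural checks, then the checksum.
 * Returns 1 if the frame would reach the parser behind the gate, 0 otherwise. */
int frame_accept(const uint8_t *frame, size_t len) {
    if (len < 4 || frame[0] != FRAME_SYNC) return 0;
    size_t n = frame[1];
    if (n > MAX_PAYLOAD || len != n + 4) return 0;
    uint16_t expect = (uint16_t)((frame[n + 2] << 8) | frame[n + 3]);
    return crc16_ccitt(frame, n + 2) == expect;
}

/* Checksum repair: after mutation, re-derive the trailer offset from the (possibly
 * mutated) length field and recompute the CRC so the checksum check no longer
 * discards the input. Returns 0 if the trailer cannot be located, 1 otherwise.
 * It mirrors frame_accept's layout but deliberately leaves the sync byte alone:
 * the fixer removes only the checksum obstacle, not every structural check. */
int frame_fix_checksum(uint8_t *frame, size_t len) {
    if (len < 4) return 0;
    size_t n = frame[1];
    if (n > MAX_PAYLOAD || len != n + 4) return 0;
    uint16_t crc = crc16_ccitt(frame, n + 2);
    frame[n + 2] = (uint8_t)(crc >> 8);
    frame[n + 3] = (uint8_t)(crc & 0xFF);
    return 1;
}

/* Tiny deterministic PRNG so runs are reproducible. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Toy mutator: flip one random payload bit. Sync and length are left untouched so
 * that only the checksum stands between the mutant and the parser. */
void mutate_payload_bit(uint8_t *frame, uint32_t *state) {
    size_t n = frame[1];
    if (n == 0) return;
    uint32_t r = xorshift32(state);
    frame[2 + (r % n)] ^= (uint8_t)(1u << ((r >> 8) & 7));
}

/* Mutate a constructed seed `rounds` times and count how many mutants pass the
 * gate, with (fix = 1) or without (fix = 0) checksum repair. A CRC detects every
 * single-bit change, so without repair the count is 0. */
int count_accepted(int fix, int rounds) {
    static const uint8_t seed_payload[] = {0x01, 0x02, 0x10, 0x20, 0x7F, 0x80, 0xFE, 0xFF};
    uint8_t seed[MAX_FRAME], mutant[MAX_FRAME];
    size_t len = frame_build(seed, seed_payload, sizeof seed_payload);
    uint32_t rng = 0x9E3779B9u;
    int accepted = 0;
    for (int i = 0; i < rounds; i++) {
        memcpy(mutant, seed, len);
        mutate_payload_bit(mutant, &rng);
        if (fix) frame_fix_checksum(mutant, len);
        accepted += frame_accept(mutant, len);
    }
    return accepted;
}

int main(void) {
    printf("accepted without checksum repair: %d/200\n", count_accepted(0, 200));
    printf("accepted with checksum repair:    %d/200\n", count_accepted(1, 200));
    return 0;
}
```

Compile with `cc -std=c99 -Wall checkfix.c && ./a.out`. Without repair every mutant dies at the CRC comparison, so the fuzzer's feedback never sees the code behind it; with repair every mutant reaches the parser. In a real harness the repair routine is written against the target's own verifier (its field offsets, byte order and CRC parameters) and runs after mutation and before each execution; it fixes only the checksum, so a mutant that breaks other structural checks, such as the sync byte or a length field that no longer matches the buffer, is still rejected, which is the intended behaviour rather than a bug in the fixer.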

Key words: Embedded software, Fuzz testing, Software testing, Defect detection, Source-level instrumentation

CLC Number: TP311