KVFL: Key-Value-Based Persistent Fuzzing for IoT Web Servers.

Authors :
Wang, Chiheng
Zhao, Shibin
Peng, Jianshan
Zhu, Junhu
Source :
Computer Journal; May 2024, Vol. 67 Issue 5, p1892-1909, 18p
Publication Year :
2024

Abstract

As the number of Internet of Things (IoT) devices increases, attacks against their vulnerabilities have become a serious threat. The web servers (WSs) in IoT devices provide management services for end-users, which are currently the major attack surface. Several fuzzing solutions for identifying vulnerabilities in IoT devices have been proposed, but there is currently no grey-box fuzzer specifically designed for the unique features of WSs in IoT to effectively detect memory corruption vulnerabilities. We design and implement KVFL, an efficient grey-box fuzzer, to address the issues of low throughput and slow exploration of deep code when fuzzing for IoT WSs. Firstly, KVFL employs a delicate hooking technology that heuristically hijacks and emulates hardware-dependent functions, ensuring WSs can be accurately and efficiently emulated in user-mode. On this basis, KVFL fully utilizes the loop parsing HTTP requests feature of WSs through a redesigned fork-server, to minimize nonessential rebooting losses of the target, thereby significantly improving fuzzing throughput. Secondly, KVFL leverages code coverage feedback to automatically infer a set of valid Keys and derive a Key-Value mutation. This enables the generation of high-quality test cases that can facilitate deeper code exploration of WSs. The evaluation results show that compared to the state-of-the-art IoT grey-box fuzzer FIRM-AFL, KVFL improves the throughput by over 2× and explores 4.5× more edges. Additionally, it identifies all 1-day vulnerabilities with over 7× faster speed than the baseline and detects three previously unknown 0-day vulnerabilities. These all indicate that KVFL is effective and efficient at fuzzing IoT WSs. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
00104620
Volume :
67
Issue :
5
Database :
Complementary Index
Journal :
Computer Journal
Publication Type :
Academic Journal
Accession number :
178019555
Full Text :
https://doi.org/10.1093/comjnl/bxad110