The Fuzz Odyssey: A Survey on Hardware Fuzzing Frameworks for Hardware Design Verification

Published: 12 June 2024

Abstract

Hardware security is at stake, driven by the growing complexity and integration of processors, SoCs, and diverse third-party intellectual property (IP) blocks, all geared toward delivering advanced functionality. To preserve system integrity and avoid the cost of post-production re-engineering, the design verification (DV) community employs dynamic and formal verification strategies. With the ever-increasing complexity of modern processors, however, these techniques fall short in scalability and incur longer verification times. Recently, hardware fuzzing, inspired by software testing, has been navigating uncharted territory in hardware bug detection. Several hardware fuzzing techniques have been introduced that either fuzz the hardware design in its native form or convert the hardware into a software model and fuzz that model to detect bugs. Since each of the existing techniques presents itself as a silver bullet in its own way, we provide critical insights on them by reviewing the fundamental principles of hardware fuzzing frameworks, the methodologies involved, and the diverse hardware designs to which they can be applied. Furthermore, we discuss the challenges and limitations of these fuzzing frameworks. We also present feasible future research directions based on our observations and insights.

Cited By

  • (2024) Special Session: Detecting and Defending Vulnerabilities in Heterogeneous and Monolithic Systems: Current Strategies and Future Directions. 2024 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (CASES), 10.1109/CASES60062.2024.00007, pp. 5-14. Online publication date: 29 Sep 2024.

Published In

GLSVLSI '24: Proceedings of the Great Lakes Symposium on VLSI 2024
June 2024
797 pages
ISBN:9798400706059
DOI:10.1145/3649476
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Funding Sources

  • Commonwealth Cyber Initiative

Conference

GLSVLSI '24: Great Lakes Symposium on VLSI 2024
June 12 - 14, 2024
Clearwater, FL, USA

Acceptance Rates

Overall Acceptance Rate 312 of 1,156 submissions, 27%
