Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing
arxiv(2024)
摘要
Modern computing systems heavily rely on hardware as the root of trust.
However, their increasing complexity has given rise to security-critical
vulnerabilities that cross-layer at-tacks can exploit. Traditional hardware
vulnerability detection methods, such as random regression and formal
verification, have limitations. Random regression, while scalable, is slow in
exploring hardware, and formal verification techniques are often concerned with
manual effort and state explosions. Hardware fuzzing has emerged as an
effective approach to exploring and detecting security vulnerabilities in
large-scale designs like modern processors. They outperform traditional methods
regarding coverage, scalability, and efficiency. However, state-of-the-art
fuzzers struggle to achieve comprehensive coverage of intricate hardware
designs within a practical timeframe, often falling short of a 70
threshold. We propose a novel ML-based hardware fuzzer, ChatFuzz, to address
this challenge. Ourapproach leverages LLMs like ChatGPT to understand processor
language, focusing on machine codes and generating assembly code sequences. RL
is integrated to guide the input generation process by rewarding the inputs
using code coverage metrics. We use the open-source RISCV-based RocketCore
processor as our testbed. ChatFuzz achieves condition coverage rate of 75
just 52 minutes compared to a state-of-the-art fuzzer, which requires a lengthy
30-hour window to reach a similar condition coverage. Furthermore, our fuzzer
can attain 80
instances/licenses within a 130-hour window. During this time, it conducted a
total of 199K test cases, of which 6K produced discrepancies with the
processor's golden model. Our analysis identified more than 10 unique
mismatches, including two new bugs in the RocketCore and discrepancies from the
RISC-V ISA Simulator.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要