E-FuzzEdge: Optimizing Embedded Device Security with Scalable In-Place Fuzzing
Davide Rusconi, Osama Yousef, Mirco Picca, Flavio Toffalini, Andrea Lanzi
TL;DR
This paper addresses the throughput bottlenecks of fuzzing embedded devices under resource constraints by proposing E-FuzzEdge, an in-place, greybox fuzzing architecture that decouples input processing from on-device execution and exploits host-side parallelism. The approach preserves AFL++ compatibility while reducing data transfer overhead through a three-component model (Input Processor, Input Proxy, Input Executor) and a lean communication protocol. Empirical results show substantial desktop throughput gains with multiple producers and robust improvements on embedded targets, with two host-side processors typically offering the best balance between throughput and overhead. The work contributes a practical, open-source AFL++-based prototype for embedded fuzzing, highlighting its potential to augment existing hardware-in-the-loop and emulation-based methods and to accelerate security testing in IoT and safety-critical systems.
Abstract
In this paper we present E-FuzzEdge, a novel fuzzing architecture aimed at improving the throughput of fuzzing campaigns in contexts where scalability is unavailable. E-FuzzEdge addresses the inefficiencies of hardware-in-the-loop fuzzing for microcontrollers by optimizing execution speed. We evaluated our system against state-of-the-art benchmarks, demonstrating significant performance improvements. A key advantage of the E-FuzzEdge architecture is its compatibility with other embedded fuzzing techniques that perform on-device testing instead of firmware emulation. This means that the broader embedded fuzzing community can integrate E-FuzzEdge into their workflows to enhance overall testing efficiency.
