Description
Modern microprocessors’ increasing complexity has expanded their attack surface,
making hardware security verification a critical challenge. This thesis presents Fuzzworthy,
a novel CPU fuzzing framework that leverages performance monitoring counters
(PMCs) to systematically explore microarchitectural behavior and detect vulnerabilities
in Intel’s x86 processors.
Unlike traditional fuzzing methods, Fuzzworthy employs PMC-based feedback, serialization
oracles, and priority-queue guidance to refine instruction sequence generation.
Implemented using the Kernel-based Virtual Machine (KVM), it enables real hardware
interaction while maintaining execution control. Evaluations confirm that certain
PMCs, such as ARITH.DIVIDER_ACTIVE, effectively guide fuzzing, while others,
like SW_PREFETCH_ACCESS.ANY, exhibit inconsistencies, highlighting challenges in
counter reliability and measurement noise.
The research underscores the potential of PMC-guided fuzzing for vulnerability
discovery, exemplified by attacks like Zenbleed, and suggests that alternative execution
environments, such as bare-metal testing, could further enhance efficiency. Fuzzworthy
advances CPU fuzzing methodologies, offering a foundation for future hardware
security research.
|
