Description
Modern microprocessors’ increasing complexity has expanded their attack surface, making hardware security verification a critical challenge. This thesis presents Fuzzworthy, a novel CPU fuzzing framework that leverages performance monitoring counters (PMCs) to systematically explore microarchitectural behavior and detect vulnerabilities in Intel’s x86 processors. Unlike traditional fuzzing methods, Fuzzworthy employs PMC-based feedback, serialization oracles, and priority-queue guidance to refine instruction sequence generation. Implemented using the Kernel-based Virtual Machine (KVM), it enables real hardware interaction while maintaining execution control. Evaluations confirm that certain PMCs, such as ARITH.DIVIDER_ACTIVE, effectively guide fuzzing, while others, like SW_PREFETCH_ACCESS.ANY, exhibit inconsistencies, highlighting challenges in counter reliability and measurement noise. The research underscores the potential of PMC-guided fuzzing for vulnerability discovery, exemplified by attacks like Zenbleed, and suggests that alternative execution environments, such as bare-metal testing, could further enhance efficiency. Fuzzworthy advances CPU fuzzing methodologies, offering a foundation for future hardware security research.
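The following Python is an added illustration, not code from the thesis, of two mechanisms the abstract names: screening counters for measurement noise before trusting them as feedback, and priority-queue guidance that favours instruction sequences whose reliable counters show behaviour not seen before. The sequence names, the PMC readings and the coefficient-of-variation threshold are constructed assumptions.

```python
import heapq
import statistics

# Constructed sample: five repeated PMC readings per instruction sequence.
# Values are hypothetical, not measurements from the thesis.
SAMPLE_RUNS = {
    "seq_div":  {"ARITH.DIVIDER_ACTIVE": [40, 41, 40, 40, 42],
                 "SW_PREFETCH_ACCESS.ANY": [0, 7, 0, 12, 3]},
    "seq_div2": {"ARITH.DIVIDER_ACTIVE": [42, 43, 42, 42, 43],
                 "SW_PREFETCH_ACCESS.ANY": [1, 8, 0, 6, 2]},
    "seq_nop":  {"ARITH.DIVIDER_ACTIVE": [0, 0, 0, 0, 0],
                 "SW_PREFETCH_ACCESS.ANY": [2, 9, 0, 5, 11]},
}


def counter_reliability(runs, max_cv=0.10):
    """Mark a counter reliable only if its coefficient of variation across
    repeated runs stays under max_cv for every sequence (assumed threshold)."""
    reliable = {}
    for counter in {c for seq in runs.values() for c in seq}:
        ok = True
        for seq in runs.values():
            vals = seq[counter]
            mean = statistics.mean(vals)
            if mean == 0:
                cv = 0.0 if max(vals) == 0 else float("inf")
            else:
                cv = statistics.pstdev(vals) / mean
            ok = ok and cv <= max_cv
        reliable[counter] = ok
    return reliable


def bucket(value, width=8):
    # Coarse-grain readings so small jitter does not look like new behaviour.
    return value // width


def schedule(runs, reliable):
    """Priority-queue guidance: a sequence whose reliable counters land in a
    bucket not seen so far gets a higher priority (more negative heap key)."""
    seen, heap = set(), []
    for name, counters in runs.items():
        signature = {(c, bucket(round(statistics.mean(v))))
                     for c, v in counters.items() if reliable[c]}
        novelty = len(signature - seen)
        seen |= signature
        heapq.heappush(heap, (-novelty, name))
    return [heapq.heappop(heap)[1] for _ in range(len(heap))]
```

Running it ranks `seq_div2` last because its divider activity falls in the same bucket as `seq_div`, while the noisy prefetch counter is excluded from the signature entirely.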