IMPROVING VULNERABILITY TESTING AND DETECTION IN THE EMBEDDED CONTEXT
RUSCONI, DAVIDE
2025
Abstract
Embedded systems are becoming a pervasive technology in today's computational and societal landscape, with over 17 billion active devices in 2024 and projections exceeding 29 billion by 2030. Their applications span a wide range of domains, including both safety- and security-critical contexts. With 5,000 IoT-directed attacks per month and an estimated cost of $500,000 per attack, enhancing both pre-deployment vulnerability attestation through automated testing and runtime vulnerability detection mechanisms is not only a practical necessity but also a significant research challenge, given the limited reusability of existing solutions in embedded contexts. This thesis addresses both challenges by proposing novel, tailored solutions. First, it introduces a low-overhead firmware instrumentation framework for the runtime detection of spatial memory errors in embedded software, together with mechanisms for localizing the root cause of such violations. Second, it presents two contributions to the field of automated vulnerability detection via fuzz testing. The first addresses the scalability challenges of in-place embedded fuzzing by proposing a novel architecture that pseudo-parallelizes the fuzzing process to maximize testing throughput. The second tackles the current limitations of fuzzing as a whole in detecting bugs by systematically modeling the features that make defects difficult to detect. Based on this model, a fuzzing-based measurement framework is introduced and applied to both state-of-the-art benchmarks and real-world vulnerabilities, enabling the analysis of potential biases toward specific bug classes.

| File | Size | Format |
|---|---|---|
| phd_unimi_R13956.pdf (open access; License: All rights reserved) | 2.82 MB | Adobe PDF |
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/352536
URN:NBN:IT:UNIMI-352536