Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments

Gangho Yoon; Eunseok Lee

doi:10.1145/3756681.3757033

Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments

Gangho Yoon
, Eunseok Lee

Department of Computer Science and Engineering

Sungkyunkwan University
Samsung Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Solid-State Drive (SSD) firmware manages complex internal states, including flash memory maintenance. Due to nondeterministic I/O operations, traditional testing methods struggle to rapidly achieve coverage of firmware code areas that require extensive I/O accumulation. To address this challenge, we propose a state data-aware fuzzing approach that leverages SSD firmware's internal state to guide input generation under nondeterministic I/O conditions and accelerate coverage discovery. Our experiments with an open-source SSD firmware emulator show that the proposed method achieves the same firmware test coverage as a state-of-the-art coverage-based fuzzer (AFL++) while requiring approximately 67% fewer commands, without reducing the number of crashes or hangs detected. Moreover, we extend our experiments by incorporating various I/O commands beyond basic write/read operations to reflect real user scenarios, and we confirm that our strategy remains effective even for multiple types of I/O tests. We further validate the effectiveness of state data-aware fuzzing for firmware testing under I/O environments and suggest that this approach can be extended to other storage firmware or threshold-based embedded systems in the future.

Original language	English
Title of host publication	Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025
Editors	Muhammad Ali Babar, Ayse Tosun, Stefan Wagner, Viktoria Stray
Publisher	Association for Computing Machinery, Inc
Pages	739-744
Number of pages	6
ISBN (Electronic)	9798400713859
DOIs	https://doi.org/10.1145/3756681.3757033
State	Published - 24 Dec 2025
Event	29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025 - Istanbul, Turkey Duration: 17 Jun 2025 → 20 Jun 2025

Publication series

Name	Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025

Conference

Conference	29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025
Country/Territory	Turkey
City	Istanbul
Period	17/06/25 → 20/06/25

Keywords

Coverage-Based Testing
Fuzzing
Nondeterministic I/O
SSD Firmware
Threshold

Access to Document

10.1145/3756681.3757033

Cite this

Yoon, G., & Lee, E. (2025). Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments. In M. A. Babar, A. Tosun, S. Wagner, & V. Stray (Eds.), Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025 (pp. 739-744). (Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025). Association for Computing Machinery, Inc. https://doi.org/10.1145/3756681.3757033

Yoon, Gangho ; Lee, Eunseok. / Testing SSD Firmware with State Data-Aware Fuzzing : Accelerating Coverage in Nondeterministic I/O Environments. Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025. editor / Muhammad Ali Babar ; Ayse Tosun ; Stefan Wagner ; Viktoria Stray. Association for Computing Machinery, Inc, 2025. pp. 739-744 (Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025).

@inproceedings{fc8023582ce341aaa7173e742b3e87de,

title = "Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments",

abstract = "Solid-State Drive (SSD) firmware manages complex internal states, including flash memory maintenance. Due to nondeterministic I/O operations, traditional testing methods struggle to rapidly achieve coverage of firmware code areas that require extensive I/O accumulation. To address this challenge, we propose a state data-aware fuzzing approach that leverages SSD firmware's internal state to guide input generation under nondeterministic I/O conditions and accelerate coverage discovery. Our experiments with an open-source SSD firmware emulator show that the proposed method achieves the same firmware test coverage as a state-of-the-art coverage-based fuzzer (AFL++) while requiring approximately 67\% fewer commands, without reducing the number of crashes or hangs detected. Moreover, we extend our experiments by incorporating various I/O commands beyond basic write/read operations to reflect real user scenarios, and we confirm that our strategy remains effective even for multiple types of I/O tests. We further validate the effectiveness of state data-aware fuzzing for firmware testing under I/O environments and suggest that this approach can be extended to other storage firmware or threshold-based embedded systems in the future.",

keywords = "Coverage-Based Testing, Fuzzing, Nondeterministic I/O, SSD Firmware, Threshold",

author = "Gangho Yoon and Eunseok Lee",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s).; 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025 ; Conference date: 17-06-2025 Through 20-06-2025",

year = "2025",

month = dec,

day = "24",

doi = "10.1145/3756681.3757033",

language = "English",

series = "Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025",

publisher = "Association for Computing Machinery, Inc",

pages = "739--744",

editor = "Babar, \{Muhammad Ali\} and Ayse Tosun and Stefan Wagner and Viktoria Stray",

booktitle = "Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025",

}

Yoon, G & Lee, E 2025, Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments. in MA Babar, A Tosun, S Wagner & V Stray (eds), Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025. Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025, Association for Computing Machinery, Inc, pp. 739-744, 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025, Istanbul, Turkey, 17/06/25. https://doi.org/10.1145/3756681.3757033

Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments. / Yoon, Gangho; Lee, Eunseok.
Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025. ed. / Muhammad Ali Babar; Ayse Tosun; Stefan Wagner; Viktoria Stray. Association for Computing Machinery, Inc, 2025. p. 739-744 (Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Testing SSD Firmware with State Data-Aware Fuzzing

T2 - 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025

AU - Yoon, Gangho

AU - Lee, Eunseok

PY - 2025/12/24

Y1 - 2025/12/24

N2 - Solid-State Drive (SSD) firmware manages complex internal states, including flash memory maintenance. Due to nondeterministic I/O operations, traditional testing methods struggle to rapidly achieve coverage of firmware code areas that require extensive I/O accumulation. To address this challenge, we propose a state data-aware fuzzing approach that leverages SSD firmware's internal state to guide input generation under nondeterministic I/O conditions and accelerate coverage discovery. Our experiments with an open-source SSD firmware emulator show that the proposed method achieves the same firmware test coverage as a state-of-the-art coverage-based fuzzer (AFL++) while requiring approximately 67% fewer commands, without reducing the number of crashes or hangs detected. Moreover, we extend our experiments by incorporating various I/O commands beyond basic write/read operations to reflect real user scenarios, and we confirm that our strategy remains effective even for multiple types of I/O tests. We further validate the effectiveness of state data-aware fuzzing for firmware testing under I/O environments and suggest that this approach can be extended to other storage firmware or threshold-based embedded systems in the future.

AB - Solid-State Drive (SSD) firmware manages complex internal states, including flash memory maintenance. Due to nondeterministic I/O operations, traditional testing methods struggle to rapidly achieve coverage of firmware code areas that require extensive I/O accumulation. To address this challenge, we propose a state data-aware fuzzing approach that leverages SSD firmware's internal state to guide input generation under nondeterministic I/O conditions and accelerate coverage discovery. Our experiments with an open-source SSD firmware emulator show that the proposed method achieves the same firmware test coverage as a state-of-the-art coverage-based fuzzer (AFL++) while requiring approximately 67% fewer commands, without reducing the number of crashes or hangs detected. Moreover, we extend our experiments by incorporating various I/O commands beyond basic write/read operations to reflect real user scenarios, and we confirm that our strategy remains effective even for multiple types of I/O tests. We further validate the effectiveness of state data-aware fuzzing for firmware testing under I/O environments and suggest that this approach can be extended to other storage firmware or threshold-based embedded systems in the future.

KW - Coverage-Based Testing

KW - Fuzzing

KW - Nondeterministic I/O

KW - SSD Firmware

KW - Threshold

UR - https://www.scopus.com/pages/publications/105026929138

U2 - 10.1145/3756681.3757033

DO - 10.1145/3756681.3757033

M3 - Conference contribution

AN - SCOPUS:105026929138

T3 - Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025

SP - 739

EP - 744

BT - Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025

A2 - Babar, Muhammad Ali

A2 - Tosun, Ayse

A2 - Wagner, Stefan

A2 - Stray, Viktoria

PB - Association for Computing Machinery, Inc

Y2 - 17 June 2025 through 20 June 2025

ER -

Yoon G, Lee E. Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments. In Babar MA, Tosun A, Wagner S, Stray V, editors, Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025. Association for Computing Machinery, Inc. 2025. p. 739-744. (Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE 2025). doi: 10.1145/3756681.3757033

Testing SSD Firmware with State Data-Aware Fuzzing: Accelerating Coverage in Nondeterministic I/O Environments

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this