Hardware security vulnerabilities in computing systems compromise the security defenses of not only the hardware but also the software running on it. Recent research has shown that hardware fuzzing is a promising technique to efficiently detect such vulnerabilities in large-scale designs such as modern processors. However, current fuzzing techniques do not dynamically adjust their strategies to explore the design space faster and more thoroughly, resulting in slow vulnerability detection, as evidenced by their low design coverage. To address this problem, we propose PSOFuzz, which uses particle swarm optimization (PSO) to schedule the mutation operators and to generate initial input programs dynamically, with the objective of detecting vulnerabilities quickly. Unlike traditional PSO, which finds a single optimal solution, we use a modified PSO that dynamically computes the optimal solution for selecting the mutation operators required to explore new design regions in hardware. We also address the challenge of inefficient initial input generation by employing PSO-based input generation. With these optimizations, our final formulation outperforms fuzzers without PSO. Experiments show that PSOFuzz achieves up to 15.25$\times$ speedup for vulnerability detection and up to 2.22$\times$ speedup for coverage compared to the state-of-the-art simulation-based hardware fuzzer.
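The following is an added toy illustration of the scheduling idea in the abstract, written for this page; it is not PSOFuzz's code and does not reproduce the paper's algorithm. It assumes a constructed set of five mutation-operator names, a constructed "design" in which each uncovered region is hit by one mutation with an operator-specific probability, and a fitness function equal to the expected number of newly covered regions per fuzzing round. A standard PSO optimizes the probability vector over operators for the current coverage state, and the optimization is rerun after every round so that the schedule shifts toward the operators that still reach uncovered regions (the "dynamic" part the abstract describes).

```python
"""Toy PSO-based mutation-operator scheduler for a fuzzing loop (constructed example)."""
import random

# Hypothetical operator names; not taken from the paper.
OPERATORS = ["flip_opcode", "swap_operands", "insert_instr", "delete_instr", "replace_imm"]
OP_INDEX = {op: i for i, op in enumerate(OPERATORS)}
MUTATIONS_PER_ROUND = 20

# Constructed toy design: HIT_PROB[region][operator] is the probability that a
# single mutation using that operator lands in the region. The optimizer does
# not see this table directly; it only sees the fitness value derived from it.
HIT_PROB = {
    "alu_bypass":      {"flip_opcode": 0.30, "swap_operands": 0.10},
    "csr_access":      {"replace_imm": 0.25, "insert_instr": 0.05},
    "branch_predict":  {"insert_instr": 0.20, "delete_instr": 0.20},
    "load_store_unit": {"swap_operands": 0.15, "replace_imm": 0.10},
    "privilege_check": {"insert_instr": 0.08},
}


def to_probs(position):
    """Map a particle position in [0,1]^n to a probability vector over operators."""
    weights = [max(v, 0.0) for v in position]
    total = sum(weights)
    if total == 0.0:
        return [1.0 / len(weights)] * len(weights)
    return [w / total for w in weights]


def expected_new_coverage(probs, covered, mutations_per_round=MUTATIONS_PER_ROUND):
    """Fitness: expected number of not-yet-covered regions hit in one round.

    For each uncovered region, q is the per-mutation hit probability under the
    schedule, so 1 - (1 - q)^M is the chance of at least one hit in M mutations.
    """
    total = 0.0
    for region, hits in HIT_PROB.items():
        if region in covered:
            continue
        q = sum(probs[OP_INDEX[op]] * h for op, h in hits.items())
        total += 1.0 - (1.0 - q) ** mutations_per_round
    return total


def pso_schedule(covered, rng, n_particles=20, iters=40, inertia=0.6, c1=1.5, c2=1.5):
    """Run PSO over operator weights for the current coverage state.

    Returns (probability vector, fitness) of the global best particle.
    """
    n = len(OPERATORS)
    pos = [[rng.random() for _ in range(n)] for _ in range(n_particles)]
    vel = [[0.0] * n for _ in range(n_particles)]
    pbest = [p[:] for p in pos]
    pbest_fit = [expected_new_coverage(to_probs(p), covered) for p in pos]
    g = max(range(n_particles), key=lambda i: pbest_fit[i])
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]
    for _ in range(iters):
        for i in range(n_particles):
            for d in range(n):
                r1, r2 = rng.random(), rng.random()
                vel[i][d] = (inertia * vel[i][d]
                             + c1 * r1 * (pbest[i][d] - pos[i][d])
                             + c2 * r2 * (gbest[d] - pos[i][d]))
                pos[i][d] = min(1.0, max(0.0, pos[i][d] + vel[i][d]))
            fit = expected_new_coverage(to_probs(pos[i]), covered)
            if fit > pbest_fit[i]:
                pbest[i], pbest_fit[i] = pos[i][:], fit
                if fit > gbest_fit:
                    gbest, gbest_fit = pos[i][:], fit
    return to_probs(gbest), gbest_fit


def run_campaign(rounds=10, seed=1):
    """Fuzzing loop: re-optimize the schedule each round, then simulate the round.

    Returns the covered region set and the per-round schedules that were used.
    """
    rng = random.Random(seed)
    covered = set()
    schedule = []
    for _ in range(rounds):
        if len(covered) == len(HIT_PROB):
            break
        probs, _ = pso_schedule(covered, rng)
        schedule.append({op: round(p, 3) for op, p in zip(OPERATORS, probs)})
        # Simulated round: sample an operator per mutation, roll for region hits.
        for _ in range(MUTATIONS_PER_ROUND):
            op = rng.choices(OPERATORS, weights=probs)[0]
            for region, hits in HIT_PROB.items():
                if region not in covered and rng.random() < hits.get(op, 0.0):
                    covered.add(region)
    return covered, schedule


if __name__ == "__main__":
    final_covered, used = run_campaign()
    for rnd, sched in enumerate(used, 1):
        print(f"round {rnd}: {sched}")
    print("covered:", sorted(final_covered))
```

Running the module prints how the operator mix changes from round to round: once the regions reachable through `flip_opcode` or `replace_imm` are covered, the re-optimized schedule concentrates on `insert_instr` and `delete_instr`, whose regions remain open. A real implementation would replace `HIT_PROB` with coverage feedback from RTL simulation and could warm-start the swarm from the previous round rather than reinitializing it.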