AdaCore: Build Software that Matters
Papers

Secure by Design Principles - Fuzzing in a Memory Safe Verification Environment

In today’s interconnected world, the security of software systems is paramount. The increasing frequency and severity of cyberattacks underscore the need for a fundamental shift in software development. The “Secure by Design” paradigm is a proactive strategy that advocates integrating security considerations throughout the software development life cycle rather than treating them as an afterthought. This paper introduces an innovative approach that combines fuzz testing with memory-safe hardware: a processor enhanced with Capability Hardware Enhanced RISC Instructions (CHERI). The approach adheres to the Secure by Design principles by strengthening security verification of embedded real-time systems at early stages of the development life cycle. Experimental results show that the solution is beneficial for detecting software memory issues in both memory-safe and memory-unsafe programming languages. We further demonstrate that the approach detects classes of memory errors that are not reliably captured by conventional fuzzing combined with address sanitizers, because it converts otherwise silent memory violations into deterministic hardware-detected faults.
