Differential Fuzzing for Data Distribution Service Programs with Dynamic Configuration

Data Distribution Service (DDS) is a distributed network protocol widely used in cyber-physical systems. DDS provides flexible configurations defined in the formal design specification for safety and security. However, DDS programs suffer from both semantic bugs violating design specifications and software implementation bugs. To discover bugs, network protocol fuzzers have focused on testing client-server models by mutating input packets. However, they are unsuitable for fuzzing DDS programs due to a lack of consideration of the DDS-specific features, such as the DDS-specific input spaces (e.g., dynamic network topology formation and QoS and DDS security configurations) and impacts of DDS-specific semantic bugs (e.g., incorrect topology construction).