ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory

Jinwen Wang; Hongchao Zhang; Chuanrui Jiang; Andrew Clark; Ning Zhang

doi:10.1145/3719027.3765129

ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory

Jinwen Wang
, Hongchao Zhang
, Chuanrui Jiang
, Andrew Clark
, Ning Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

With the proliferation of Cyber-Physical Systems (CPSs) in daily life, the security of these systems is becoming an pressing problem. Fuzz testing has recently gained attention as a promising approach for automatically detecting vulnerabilities, however, the prohibitively large search space of physical and cyber inputs remains an open research challenge. To address this gap, the paper draws on control theory, leveraging physics-informed control models to guide exploration of the input space. We design and develop ConTest, a fuzzing tool that leverages Lyapunov functions of the control model for both detection and mutation to efficiently search through the parameter space with a provable guarantee on the effectiveness of bug-finding effectiveness under bounded dynamic model errors. We implemented a prototype of ConTest and deployed it to detect spatial and temporal input validation bugs in two representative robotic vehicle (RV) platforms, ArduPilot and PX4. A total of 253 input validation bugs were found, 58 of them being zero-day bugs, and 54 of them were acknowledged by the vendors.

Original language	English
Title of host publication	CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	3311-3325
Number of pages	15
ISBN (Electronic)	9798400715259
DOIs	https://doi.org/10.1145/3719027.3765129
State	Published - Nov 22 2025
Event	32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025 - Taipei, Taiwan, Province of China Duration: Oct 13 2025 → Oct 17 2025

Publication series

Name	CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025
Country/Territory	Taiwan, Province of China
City	Taipei
Period	10/13/25 → 10/17/25

Keywords

Cyber-physical System
Fuzzing
System and Software Security

Access to Document

10.1145/3719027.3765129

Cite this

Wang, J., Zhang, H., Jiang, C., Clark, A., & Zhang, N. (2025). ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory. In CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security (pp. 3311-3325). (CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3719027.3765129

Wang, Jinwen ; Zhang, Hongchao ; Jiang, Chuanrui et al. / ConTest : Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory. CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2025. pp. 3311-3325 (CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security).

@inproceedings{7de39999fac64385bfeef80031b3e56e,

title = "ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory",

abstract = "With the proliferation of Cyber-Physical Systems (CPSs) in daily life, the security of these systems is becoming an pressing problem. Fuzz testing has recently gained attention as a promising approach for automatically detecting vulnerabilities, however, the prohibitively large search space of physical and cyber inputs remains an open research challenge. To address this gap, the paper draws on control theory, leveraging physics-informed control models to guide exploration of the input space. We design and develop ConTest, a fuzzing tool that leverages Lyapunov functions of the control model for both detection and mutation to efficiently search through the parameter space with a provable guarantee on the effectiveness of bug-finding effectiveness under bounded dynamic model errors. We implemented a prototype of ConTest and deployed it to detect spatial and temporal input validation bugs in two representative robotic vehicle (RV) platforms, ArduPilot and PX4. A total of 253 input validation bugs were found, 58 of them being zero-day bugs, and 54 of them were acknowledged by the vendors.",

keywords = "Cyber-physical System, Fuzzing, System and Software Security",

author = "Jinwen Wang and Hongchao Zhang and Chuanrui Jiang and Andrew Clark and Ning Zhang",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s).; 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025 ; Conference date: 13-10-2025 Through 17-10-2025",

year = "2025",

month = nov,

day = "22",

doi = "10.1145/3719027.3765129",

language = "English",

series = "CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "3311--3325",

booktitle = "CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security",

}

Wang, J, Zhang, H, Jiang, C, Clark, A & Zhang, N 2025, ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory. in CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 3311-3325, 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025, Taipei, Taiwan, Province of China, 10/13/25. https://doi.org/10.1145/3719027.3765129

ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory. / Wang, Jinwen; Zhang, Hongchao; Jiang, Chuanrui et al.
CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2025. p. 3311-3325 (CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - ConTest

T2 - 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025

AU - Wang, Jinwen

AU - Zhang, Hongchao

AU - Jiang, Chuanrui

AU - Clark, Andrew

AU - Zhang, Ning

PY - 2025/11/22

Y1 - 2025/11/22

N2 - With the proliferation of Cyber-Physical Systems (CPSs) in daily life, the security of these systems is becoming an pressing problem. Fuzz testing has recently gained attention as a promising approach for automatically detecting vulnerabilities, however, the prohibitively large search space of physical and cyber inputs remains an open research challenge. To address this gap, the paper draws on control theory, leveraging physics-informed control models to guide exploration of the input space. We design and develop ConTest, a fuzzing tool that leverages Lyapunov functions of the control model for both detection and mutation to efficiently search through the parameter space with a provable guarantee on the effectiveness of bug-finding effectiveness under bounded dynamic model errors. We implemented a prototype of ConTest and deployed it to detect spatial and temporal input validation bugs in two representative robotic vehicle (RV) platforms, ArduPilot and PX4. A total of 253 input validation bugs were found, 58 of them being zero-day bugs, and 54 of them were acknowledged by the vendors.

AB - With the proliferation of Cyber-Physical Systems (CPSs) in daily life, the security of these systems is becoming an pressing problem. Fuzz testing has recently gained attention as a promising approach for automatically detecting vulnerabilities, however, the prohibitively large search space of physical and cyber inputs remains an open research challenge. To address this gap, the paper draws on control theory, leveraging physics-informed control models to guide exploration of the input space. We design and develop ConTest, a fuzzing tool that leverages Lyapunov functions of the control model for both detection and mutation to efficiently search through the parameter space with a provable guarantee on the effectiveness of bug-finding effectiveness under bounded dynamic model errors. We implemented a prototype of ConTest and deployed it to detect spatial and temporal input validation bugs in two representative robotic vehicle (RV) platforms, ArduPilot and PX4. A total of 253 input validation bugs were found, 58 of them being zero-day bugs, and 54 of them were acknowledged by the vendors.

KW - Cyber-physical System

KW - Fuzzing

KW - System and Software Security

UR - https://www.scopus.com/pages/publications/105023882381

U2 - 10.1145/3719027.3765129

DO - 10.1145/3719027.3765129

M3 - Conference contribution

AN - SCOPUS:105023882381

T3 - CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security

SP - 3311

EP - 3325

BT - CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 13 October 2025 through 17 October 2025

ER -

Wang J, Zhang H, Jiang C, Clark A, Zhang N. ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory. In CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2025. p. 3311-3325. (CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3719027.3765129

ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this