Real-Time Operating Systems (RTOS) are widely used in embedded systems to support functionality such as Bluetooth and Wi-Fi. As RTOS kernels grow in functionality, their attack surface also expands, increasing the need for effective security testing. However, existing dynamic testing techniques such as fuzzing struggle to test kernel functions that sit deep inside the kernel, because these functions require complex execution contexts.
This tutorial presents RTCon, a context-adaptive function-level fuzzer for RTOS kernels. The tutorial uses Zephyr, an open-source RTOS for embedded and IoT devices that has been adopted as the embedded controller platform for ChromeOS devices, as the target system. Participants will learn the principles of function-level fuzzing, execution context construction for kernel functions, and practical techniques for testing RTOS kernels.