TWINFUZZ: Differential Testing of Video Hardware Acceleration Stacks
Matteo Leonelli
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Fuzzing 2
Hardware acceleration stacks are ubiquitous in modern computing, powering everything from high-performance graphics to efficient video playback. However, the intricate, multi-layered nature of these stacks, which often comprise proprietary drivers, kernel modules, and specialized GPU hardware, makes them hard to test for security. Traditional software fuzzing techniques, which rely heavily on code instrumentation and coverage feedback, are largely ineffective against these opaque **black-box components**. This talk, presented by Matteo Leonelli from CISPA, introduces **TWINFUZZ**, a differential testing methodology designed to uncover functional and security-relevant bugs in **video hardware acceleration stacks** without requiring instrumentation of the components under test.
AI review
Solid, genuinely novel research that tackles a real and under-served problem — fuzzing black-box hardware acceleration stacks — with a clever differential oracle and an indirect coverage proxy that sidesteps the instrumentation wall. The Firefox information leak and VLC/Windows driver bugs are real, reproducible findings, not demo-ware. Doesn't quite hit 5 because root cause analysis remains shallow by the speaker's own admission, and the talk leans heavily on the methodology without fully stress-testing the assumptions baked into the proxy coverage heuristic.