Speeding-up fuzzing through directional seeds
Journal Article · International journal of information security
- Univ. of Idaho, Idaho Falls, ID (United States)
- Norwegian Univ. of Science and Technology, Gjøvik (Norway)
- Idaho National Laboratory (INL), Idaho Falls, ID (United States)
Fuzzing is an automated process for discovering inputs to a program that may trigger unexpected behavior. Today, fuzzing has become a standard practice for the discovery of bugs and security vulnerabilities. However, the main issue with such practices is that exploring the input space of a program can often be prohibitively expensive. Therefore, several alternative fuzzing strategies have been introduced during the last few years. Some fuzzing techniques rely on human expertise to provide a plausible set of initial input examples, namely seeds. However, handcrafting seeds for fuzzing often becomes strenuous for humans, as it requires a deeper understanding of the Program-Under-Test (PUT). Also, known inputs to a program often do not trigger vulnerable program behavior or may not reach potentially vulnerable code locations. To address these issues, we propose a seed generation framework that enables Human-In-The-Loop (HITL) directed fuzzing, where the human assumes a more active role in creating seeds that can penetrate and assess desired locations of the PUT. Our proposed framework uses Symbolic Execution (SE) to generate seeds that exercise paths to target program locations. Moreover, our framework enables the visualization of the explored execution paths in the binary of the PUT for the generated seeds. We evaluated our approach on a set of 12 carefully designed C programs with diverse characteristics that mimic real-world programs. The experimental results show the effectiveness of the proposed approach in improving the performance of standard fuzzing tools such as American Fuzzy Lop (AFL). Specifically, our solution can generate seeds that substantially enhance the performance of the fuzzer, achieving speedups ranging from 1.46 X to 68.53 X for branch conditions, 1.39 X to 254.62 X for branch depths, and 14,879.59 X to 30,295.88 X for branch widths over traditional seeds. Additionally, the speedup increases with the number of target functions, ranging from 12,260 X to 22,856.07 X over traditional seeds, while requiring less than 15 seconds on average for the seed generation step.
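As an added illustration of the idea the abstract describes (directed seed generation: symbolically execute the program under test towards a chosen location, then solve the resulting path constraint into a concrete seed), the Python below is example code written for this page, not the authors' framework or any of its tooling. It assumes a constructed, acyclic control-flow graph for a toy PUT whose branches each compare one input byte with a constant, and it replaces an SMT solver such as Z3 with a tiny per-byte domain solver that is sufficient for that restricted predicate form; the names `TOY_CFG`, `generate_seed`, `symbolic_paths`, `solve` and `run_concrete` are all hypothetical.

```python
# Toy directed seed generation by symbolic execution (added illustration, not
# the paper's framework). The program under test is modelled as a constructed,
# acyclic control-flow graph whose branches compare one input byte with a
# constant; the "symbolic executor" walks that graph collecting the branch
# outcomes required to reach a target location, and a small per-byte domain
# solver (standing in for an SMT solver) turns the path constraint into a seed.

INPUT_LEN = 4  # assumed fixed input size of the toy program

# Branch predicates: each compares input byte `idx` with a constant `k`.
OPS = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "<":  lambda a, b: a < b,
    ">":  lambda a, b: a > b,
}

# Constructed CFG of the toy program under test.
# Branch node: ("branch", (idx, op, k), successor_if_true, successor_if_false)
# Leaf node:   ("leaf",)
# "never_fn" is deliberately unreachable: chk4 needs byte 2 < 50, but chk4 is
# only reached after chk2 has established byte 2 > 100.
TOY_CFG = {
    "entry":     ("branch", (0, "==", ord("F")), "chk1", "reject"),
    "chk1":      ("branch", (1, "==", ord("Z")), "chk2", "reject"),
    "chk2":      ("branch", (2, ">", 100), "chk3", "accept"),
    "chk3":      ("branch", (3, "<", 10), "target_fn", "chk4"),
    "chk4":      ("branch", (2, "<", 50), "never_fn", "accept"),
    "target_fn": ("leaf",),
    "never_fn":  ("leaf",),
    "accept":    ("leaf",),
    "reject":    ("leaf",),
}


def run_concrete(cfg, data):
    """Concrete interpreter: follow the branches on real bytes, return the leaf reached."""
    node = "entry"
    while cfg[node][0] == "branch":
        _, (idx, op, k), t_succ, f_succ = cfg[node]
        node = t_succ if OPS[op](data[idx], k) else f_succ
    return node


def solve(path_constraint):
    """Solve a list of (idx, op, k, outcome) constraints over INPUT_LEN bytes.

    Each constraint touches a single byte, so the feasible set factors into one
    domain per byte; returns the smallest satisfying input, or None if infeasible.
    """
    domains = [set(range(256)) for _ in range(INPUT_LEN)]
    for idx, op, k, outcome in path_constraint:
        domains[idx] = {v for v in domains[idx] if OPS[op](v, k) == outcome}
        if not domains[idx]:
            return None
    return bytes(min(d) for d in domains)


def symbolic_paths(cfg, node, target, path_constraint):
    """Depth-first symbolic exploration from `node` towards `target`.

    Yields the path constraint of every feasible path that ends at `target`.
    A prefix whose constraint is already unsatisfiable is pruned immediately,
    which is what keeps directed exploration cheap. Assumes an acyclic CFG.
    """
    if solve(path_constraint) is None:
        return
    if node == target:
        yield list(path_constraint)
        return
    if cfg[node][0] != "branch":
        return
    _, (idx, op, k), t_succ, f_succ = cfg[node]
    for outcome, succ in ((True, t_succ), (False, f_succ)):
        yield from symbolic_paths(cfg, succ, target,
                                  path_constraint + [(idx, op, k, outcome)])


def generate_seed(cfg, target):
    """Return one concrete input that drives execution to `target`, or None."""
    for path_constraint in symbolic_paths(cfg, "entry", target, []):
        seed = solve(path_constraint)
        if seed is not None:
            return seed
    return None


if __name__ == "__main__":
    for target in ("target_fn", "never_fn"):
        seed = generate_seed(TOY_CFG, target)
        reached = run_concrete(TOY_CFG, seed) if seed is not None else "-"
        print(f"{target}: seed={seed!r} reaches={reached}")
    # A generic "traditional" seed never gets past the first check.
    print("b'AAAA' reaches", run_concrete(TOY_CFG, b"AAAA"))
```

Two points worth noting. First, re-running the generated seed through the concrete interpreter is the check a practitioner should always do before handing a seed to the fuzzer: it confirms the solver's model really drives execution to the chosen location. Second, asking for an unreachable location returns `None` rather than a bogus input, because the contradictory constraint on byte 2 empties that byte's domain and the prefix is pruned; a real SE engine reports the same situation as an unsatisfiable path constraint.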
- Research Organization:
- Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Organization:
- USDOE; USDOE Laboratory Directed Research and Development (LDRD) Program; USDOE Office of Nuclear Energy (NE)
- Grant/Contract Number:
- AC07-05ID14517
- OSTI ID:
- 2516767
- Alternate ID(s):
- OSTI ID: 2572865
- Report Number(s):
- INL/JOU--25-85896
- Journal Information:
- International Journal of Information Security, Vol. 24, Issue 2; ISSN 1615-5262; ISSN 1615-5270
- Publisher:
- Springer Nature
- Country of Publication:
- United States
- Language:
- English