The Art, Science, and Engineering of Fuzzing: A Survey [article]

Valentin J.M. Manes, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo
2019 arXiv   pre-print
We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective  ...  To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature.  ...  Model Inference in PREPROCESS: Some fuzzers infer the model as a preprocessing step.  ... 
arXiv:1812.00140v4 fatcat:zk2ow477dffc5pllixqigz24ba

V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing [article]

Yuwei Li, Shouling Ji, Chenyang Lv, Yuan Chen, Jianhai Chen, Qinchen Gu, Chunming Wu
2019 arXiv   pre-print
V-Fuzz consists of two main components: a neural network-based vulnerability prediction model and a vulnerability-oriented evolutionary fuzzer.  ...  Given a binary program to V-Fuzz, the vulnerability prediction model will give a prior estimation on which parts of the software are more likely to be vulnerable.  ...  Other Fuzzing Research. kAFL [50] is a hardware-assisted feedback fuzzer that focuses on fuzzing x86-64 kernels. IMF [52] leverages an inferred dependence model to fuzz commodity OS kernels.  ... 
arXiv:1901.01142v1 fatcat:j3ltwqv4vngxlkk6nfat5n2734

Software Ethology: An Accurate, Resilient, and Cross-Architecture Binary Analysis Framework [article]

Derrick McKee and Nathan Burow and Mathias Payer
2020 arXiv   pre-print
Tinbergen, our prototype Software Ethology implementation, leverages a virtual execution environment and a fuzzer to generate the classification vectors.  ...  IMF-SIM uses an in-memory fuzzer to measure the same metrics as BLEX, instead of forcing execution to start at unexecuted instructions.  ...  Based on the program state changes the analyst can then infer semantic meaning, and eventually build a whole program understanding from how the semantic pieces fit together.  ... 
arXiv:1906.02928v3 fatcat:rf3rmurkkbhjlhc2y65553sqwq

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer [article]

Suyoung Lee, HyungSeok Han, Sang Kil Cha, Sooel Son
2020 arXiv   pre-print
In this paper, we present Montage, the first NNLM-guided fuzzer for finding JS engine vulnerabilities.  ...  While fuzzing is a prevalent technique for finding such vulnerabilities, there have been few studies that leverage the recent advances in neural network language models (NNLMs).  ...  IMF infers the model of sequential kernel API calls to fuzz macOS kernels [19]. Dewey et al.  ... 
arXiv:2001.04107v2 fatcat:22cptrylmrfthh6sua3jqnzaxy

Evaluating Code Coverage for Kernel Fuzzers via Function Call Graph

Mingi Cho, Hoyong Jin, Dohyeon An, Taekyoung Kwon
2021 IEEE Access  
For this purpose, we have developed a practical assessment system that leverages the Intel PT and KCOV and assessed the Linux kernel fuzzers, such as Syzkaller, Trinity, and ext4 fuzzer.  ...  In this regard, this study aims to assess the system call-related code coverage of kernel fuzzers.  ...  The IMF performs fuzzing on macOS by leveraging a model for learning the inferred dependencies among API function calls.  ... 
doi:10.1109/access.2021.3129062 fatcat:2cqq6mi6aneaxnquszvm7v3fy4

CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers

Tianshi MU, Huabing ZHANG, Jian WANG, Huijuan LI
2021 IEICE transactions on information and systems  
The results show that CoLaFUZE can explore more code coverage compared with the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the testing devices.  ...  For example, the driver-specific argument formats make it difficult for traditional syscall fuzzers to generate valid inputs, the pointer-heavy code makes static analysis results incomplete, and pointer casting  ...  IMF [29] inferred a model for the system in question to facilitate input generation. It extracts the model by inspecting API sequences of actual applications running on the system.  ... 
doi:10.1587/transinf.2021ngp0005 fatcat:lzvdg2zvljhurmfxot3sdqcj6q

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary

Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, Michael Franz
2019 Proceedings 2019 Network and Distributed System Security Symposium   unpublished
We present PERISCOPE, a Linux kernel based probing framework that enables fine-grained analysis of device-driver interactions.  ...  PERIFUZZ accurately models the capabilities of an attacker on peripheral devices, to expose different classes of bugs including, but not limited to, memory corruption bugs and double-fetch bugs.  ...  This material is based upon work partially supported by the Defense Advanced Research Projects Agency under contracts  ... 
doi:10.14722/ndss.2019.23176 fatcat:2etqtt3pmrdptn76ylqa2eu3mu

WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning

Jinho Jung, Stephen Tong, Hong Hu, Jungwon Lim, Yonghwi Jin, Taesoo Kim
2021 Proceedings 2021 Network and Distributed System Security Symposium   unpublished
Our system, WINNIE, first tries to synthesize a harness for the application, a simple program that directly invokes target functions, based on sample executions.  ...  In our evaluation, WINNIE can support 2.2× more programs than existing Windows fuzzers could, and identified 3.9× more program states and achieved 26.6× faster execution.  ...  Peach is another popular fuzzer with Windows support but requires users to write specifications based on their knowledge of the fuzzed program [16].  ... 
doi:10.14722/ndss.2021.24334 fatcat:do7mhhyaord6fhyoxyezwx6ojq

SmartSeed: Smart Seed Generation for Efficient Fuzzing [article]

Chenyang Lyu, Shouling Ji, Yuwei Li, Junfeng Zhou, Jianhai Chen, Jing Chen
2019 arXiv   pre-print
Specifically, SmartSeed is designed based on a machine learning model to learn and generate high-value binary seeds.  ...  For genetic algorithm-based fuzzing, it can mutate the seed files provided by users to obtain a number of inputs, which are then used to test the objective application in order to trigger potential crashes  ...  Han et al. proposed a novel method called model-based API fuzzing and presented IMF for testing commodity OS kernels [38].  ... 
arXiv:1807.02606v3 fatcat:o3pjje523bejhhkozcbjrcdrku