HDR-Fuzz: Detecting Buffer Overruns using AddressSanitizer Instrumentation and Fuzzing

Medicherla, Raveendra Kumar; Nagalakshmi, Malathy; Sharma, Tanya; Komondoor, Raghavan

doi:10.48550/arxiv.2104.10466

Cited by 2 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Meanwhile, CVE information, commit changes, binary diffing techniques, and tools such as UBSan and AddressSanitizer, are adopted to label various potential vulnerable code regions. Examples include DrillerGo [28], TortoiseFuzz [27], AFLChurn [26], GREY-HOUND [15], DeltaFuzz [25], 1DVUL [23], SAVIOR [100] and HDR-Fuzz [101]. • The fuzzing process has been enhanced with various approaches, such as using data-flow analysis and semantic analysis to generate valid input, using symbolic execution to pass complex constraints.…”

Section: Overviewmentioning

confidence: 99%

“…It defines the distance of constraints as how well a given seed satisfies the constraints and prioritizes the seeds that better satisfy the constraints in order. AFL-HR [81] and HDR-Fuzz [101] adopt a vulnerability-oriented fitness metric called headroom, which indicates how closely a test input can expose a hard-to-manifest vulnerability (e.g. buffer or integer overflow) at a given vulnerability location.…”

Section: Customized Fitness Metricsmentioning

confidence: 99%

“…For example, AFLChurn [26] leverages lightweight ant colony optimization instead of expensive taint analysis to find "interesting bytes" and realize a byte-level power scheduling; -Leverage parallel computing. For example, HDR-Fuzz [101] uses another core to run AddressSanitizer in parallel and provides guidance to the directedness. Large-scale parallel fuzzing [109,110] can also be adopted to improve efficiency further.…”

Section: Performance Deductionmentioning

confidence: 99%

“…Multi-dimensional fitness metrics are also proposed to detect hardto-manifest vulnerabilities. Examples include AFL-HR [81], HDRFuzz [101] and AFLPro [86]. • To facilitate target identification, tools based on machine learning can predict and label potential targets automatically, examples include SUZZER [31], V-Fuzz [30], DeFuzz [32], and SemFuzz [22].…”

Section: Overviewmentioning

confidence: 99%

See 3 more Smart Citations

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryGreybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs, blindly extending code coverage is less efficient, especially for corner cases. Unlike coverage‐guided greybox fuzzing which increases code coverage in an undirected manner, directed greybox fuzzing (DGF) spends most of its time allocation on reaching specific targets (e.g. the bug‐prone zone) without wasting resources stressing unrelated parts. Thus, DGF is particularly suitable for scenarios such as patch testing, bug reproduction, and special bug detection. For now, DGF has become an active research area. However, DGF has general limitations and challenges that are worth further studying. Based on the investigation of 42 state‐of‐the‐art fuzzers that are closely related to DGF, we conducted the first in‐depth study to summarize the empirical evidence on the research progress of DGF. This paper studies DGF from a broader view, which takes into account not only the location‐directed type that targets specific code parts but also the behavior‐directed type that aims to expose abnormal program behaviors. By analyzing the benefits and limitations of DGF research, we try to identify gaps in current research, meanwhile, reveal new research opportunities and suggest areas for further investigation.

show abstract

Section: Overviewmentioning

confidence: 99%

Section: Customized Fitness Metricsmentioning

confidence: 99%

Section: Performance Deductionmentioning

confidence: 99%

Section: Overviewmentioning

confidence: 99%

See 2 more Smart Citations

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

show abstract

“…It helps the administrator to detect the attack and catch the intruder in real-time by sending a real-time message and email. The tool named Address Sanitizer has been implemented in GCC by Google to detect errors in memory [54]. It is used to detect Out-of-bounds, Use-after-free, and memory leaks.…”

Section: Compiler Based Mitigation Techniquesmentioning

confidence: 99%

An In-Depth Survey of Bypassing Buffer Overflow Mitigation Techniques

et al. 2022

View full text Add to dashboard Cite

Buffer Overflow (BOF) has been a ubiquitous security vulnerability for more than three decades, potentially compromising any software application or system. This vulnerability occurs primarily when someone attempts to write more bytes of data (shellcode) than a buffer can handle. To date, this primitive attack has been used to attack many different software systems, resulting in numerous buffer overflows. The most common type of buffer overflow is the stack overflow vulnerability, through which an adversary can gain admin privileges remotely, which can then be used to execute shellcode. Numerous mitigation techniques have been developed and deployed to reduce the likelihood of BOF attacks, but attackers still manage to bypass these techniques. A variety of mitigation techniques have been proposed and implemented on the hardware, operating system, and compiler levels. These techniques include No-EXecute (NX) and Address Space Layout Randomization (ASLR). The NX bit prevents the execution of malicious code by making various portions of the address space of a process inoperable. The ASLR algorithm randomly assigns addresses to various parts of the logical address space of a process as it is loaded in memory for execution. Position Independent Executable (PIE) and ASLR provide more robust protection by randomly generating binary segments. Read-only relocation (RELRO) protects the Global Offset Table (GOT) from overwriting attacks. StackGuard protects the stack by placing the canary before the return address in order to prevent stack smashing attacks. Despite all the mitigation techniques in place, hackers continue to be successful in bypassing them, making buffer overflow a persistent vulnerability. The current work aims to describe the stack-based buffer overflow vulnerability and review in detail the mitigation techniques reported in the literature as well as how hackers attempt to bypass them.

show abstract

HDR-Fuzz: Detecting Buffer Overruns using AddressSanitizer Instrumentation and Fuzzing

Cited by 2 publications

References 11 publications

The progress, challenges, and perspectives of directed greybox fuzzing

The progress, challenges, and perspectives of directed greybox fuzzing

An In-Depth Survey of Bypassing Buffer Overflow Mitigation Techniques

Contact Info

Product

Resources

About