HFL: Hybrid Fuzzing on the Linux Kernel

Kim, Kyung‐Tae; Jeong, Dae R.; Kim, Cheol; Jang, Yeongjin; Shin, Insik; Lee, Byoungyoung

doi:10.14722/ndss.2020.24018

Cited by 56 publications

(26 citation statements)

References 26 publications

(46 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, a significant problem is determining how to produce sufficient testinputs. As mentioned in Section IV, there are two approaches in the test-input generation for fuzzers: a mutation-based approach which produces test-inputs according to the random mutation of the test-input files, or the use of predefined L Intriguer [140] L [141] AutoDES [142] L SHFuzz [143] L HFL [144] L FIoT [145] L BugMiner [146] L…”

Section: B Test-input Generationmentioning

confidence: 99%

“…al. [118] FAS [126] SymFuzz [130] Taintscope [44] HFL [144] Badger [122] HyDiff [123] Pak et. al [39] Eclipser [137] Saad et.…”

Section: Hfs In Various Areasmentioning

confidence: 99%

“…fuzzer's efficiency owing to the OS reboot. The introduction of the first kernel hybrid fuzzer by HFL [144] proved a significant contribution to kernel bug detection. It was constructed on top of the existing fuzzing tool known as named Syzkaller [181] and the SE engine, S2E.…”

Section: B Hybrid Fuzzers For Os Kernelsmentioning

confidence: 99%

See 2 more Smart Citations

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Rustamov

Kim

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Recently, software testing has become a significant component of information security. The most reliable technique for automated software testing is a fuzzing tool that feeds programs with random test-input and detects software vulnerabilities that are critical to security. Similarly, symbolic execution has gained the most attention as an efficient testing tool for producing smart test-inputs and discovering hardto-reach bugs using search-based heuristics and compositional approaches. The combination of fuzzing and symbolic execution makes software testing more efficient by mitigating the limitations in each other. Although several studies have been conducted on hybrid fuzzing in recent years, a comprehensive and consistent review of hybrid fuzzing techniques has not been explored. To add coherence to the extensive literature on hybrid fuzzing and to make it reach a large audience, this study provides an overview of key concepts along with the taxonomy of existing hybrid fuzzing tools, problems, and solutions that have been developed in this sphere. It also includes evaluations of the proposed approaches and a number of suggestions for the development of hybrid fuzzing in the future.

show abstract

Section: B Test-input Generationmentioning

confidence: 99%

“…al. [118] FAS [126] SymFuzz [130] Taintscope [44] HFL [144] Badger [122] HyDiff [123] Pak et. al [39] Eclipser [137] Saad et.…”

Section: Hfs In Various Areasmentioning

confidence: 99%

See 1 more Smart Citation

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Rustamov

Kim

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In contrast to non-oriented fuzzing, coverage-oriented fuzzing [9][10][11][12][13] can use lightweight instrumentation to obtain the runtime information of the program to effectively guide the fuzzing process to pursue high coverage in control flow graph (CFG). For example, by selecting the sample with a new edge as the seed sample for the next round of mutations, the execution of the sample will have a greater possibility of obtaining high coverage [9][10][11]; coverage-oriented fuzzing can also use heavyweight instrumentation to perform dynamic symbol execution [14][15][16][17][18][19][20][21]. This approach transforms external data into symbols to participate in the execution, collects the symbol expressions at each program node, and generates samples that try to execute the full path by solving the expressions.…”

Section: Introductionmentioning

confidence: 99%

“…Coverage-oriented fuzzing [9][10][11][12][13][14][15][16][17][18][19][20][21][23][24][25][26][27][28] increases the probability of triggering vulnerabilities by executing code blocks or paths as much as possible. However, it causes a large quantity of computational resources to be allocated to code that does not have vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

PSOFuzzer: A Target-Oriented Software Vulnerability Detection Technology Based on Particle Swarm Optimization

Chen

Cui

2021

Applied Sciences

View full text Add to dashboard Cite

Coverage-oriented and target-oriented fuzzing are widely used in vulnerability detection. Compared with coverage-oriented fuzzing, target-oriented fuzzing concentrates more computing resources on suspected vulnerable points to improve the testing efficiency. However, the sample generation algorithm used in target-oriented vulnerability detection technology has some problems, such as weak guidance, weak sample penetration, and difficult sample generation. This paper proposes a new target-oriented fuzzer, PSOFuzzer, that uses particle swarm optimization to generate samples. PSOFuzzer can quickly learn high-quality features in historical samples and implant them into new samples that can be led to execute the suspected vulnerable point. The experimental results show that PSOFuzzer can generate more samples in the test process to reach the target point and can trigger vulnerabilities with 79% and 423% higher probability than AFLGo and Sidewinder, respectively, on tested software programs.

show abstract

The progress, challenges, and perspectives of directed greybox fuzzing

Wang,

Zhou,

Yue

et al. 2023

Software Testing Verif & Rel

View full text Add to dashboard Cite

SummaryGreybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage‐guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs, blindly extending code coverage is less efficient, especially for corner cases. Unlike coverage‐guided greybox fuzzing which increases code coverage in an undirected manner, directed greybox fuzzing (DGF) spends most of its time allocation on reaching specific targets (e.g. the bug‐prone zone) without wasting resources stressing unrelated parts. Thus, DGF is particularly suitable for scenarios such as patch testing, bug reproduction, and special bug detection. For now, DGF has become an active research area. However, DGF has general limitations and challenges that are worth further studying. Based on the investigation of 42 state‐of‐the‐art fuzzers that are closely related to DGF, we conducted the first in‐depth study to summarize the empirical evidence on the research progress of DGF. This paper studies DGF from a broader view, which takes into account not only the location‐directed type that targets specific code parts but also the behavior‐directed type that aims to expose abnormal program behaviors. By analyzing the benefits and limitations of DGF research, we try to identify gaps in current research, meanwhile, reveal new research opportunities and suggest areas for further investigation.

show abstract

HFL: Hybrid Fuzzing on the Linux Kernel

Cited by 56 publications

References 26 publications

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

PSOFuzzer: A Target-Oriented Software Vulnerability Detection Technology Based on Particle Swarm Optimization

The progress, challenges, and perspectives of directed greybox fuzzing

Contact Info

Product

Resources

About