MemLock

Cheng, Wen; Wang, Haijun; Li, Yuekang; Qin, Shengchao; Liu, Yang; Xu, Zhiwu; Chen, Hongxu; Xie, Xiaofei; Pu, Geguang; Liu, Ting

doi:10.1145/3377811.3380396

Cited by 83 publications

(23 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…autofz utilizes AFL bitmap to compare runtime trends, which favors the fuzzers that seek to maximize path coverage. While the coverage is the most popular and explicit indicator of progress in fuzzing, relying on a single metric can potentially lead to unfair comparison with various fuzzers utilizing metrics other than the coverage [16,38,[45][46][47]. Therefore, supporting multiple metrics besides path coverage can achieve fairness and better efficiency in terms of resource allocation.…”

Section: Discussionmentioning

confidence: 99%

autofz: Automated Fuzzer Composition at Runtime

Fu¹,

Lee²,

Kim³

2023

Preprint

View full text Add to dashboard Cite

Fuzzing has gained in popularity for software vulnerability detection by virtue of the tremendous effort to develop a diverse set of fuzzers. Thanks to various fuzzing techniques, most of the fuzzers have been able to demonstrate great performance on their selected targets. However, paradoxically, this diversity in fuzzers also made it difficult to select fuzzers that are best suitable for complex real-world programs, which we call selection burden. Communities attempted to address this problem by creating a set of standard benchmarks to compare and contrast the performance of fuzzers for a wide range of applications, but the result was always a suboptimal decision-the best performing fuzzer on average does not guarantee the best outcome for the target of a user's interest.To overcome this problem, we propose an automated, yet non-intrusive meta-fuzzer, called autofz 1 , to maximize the benefits of existing state-of-the-art fuzzers via dynamic composition. To an end user, this means that, instead of spending time on selecting which fuzzer to adopt (similar in concept to hyperparameter tuning in ML), one can simply put all of the available fuzzers to autofz (similar in concept to AutoML), and achieve the best, optimal result. The key idea is to monitor the runtime progress of the fuzzers, called trends (similar in concept to gradient descent), and make a fine-grained adjustment of resource allocation (e.g., CPU time) of each fuzzer. This is a stark contrast to existing approaches that statically combine a set of fuzzers, or via exhaustive pre-training per target program-autofz deduces a suitable set of fuzzers of the active workload in a fine-grained manner at runtime. Our evaluation shows that, given the same amount of computation resources, autofz outperforms any best-performing individual fuzzers in 11 out of 12 available benchmarks and beats the best, collaborative fuzzing approaches in 19 out of 20 benchmarks without any prior knowledge in terms of coverage. Moreover, on average, autofz found 152% more bugs than individual fuzzers on UNIFUZZ and FTS, and 415% more bugs than collaborative fuzzing on UNIFUZZ.

show abstract

Section: Discussionmentioning

confidence: 99%

autofz: Automated Fuzzer Composition at Runtime

Fu¹,

Lee²,

Kim³

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…From the scripts provided by AFLGo, we selected four projects using CI as experimental projects: jasper, libming, libxml2 and lrzip. These widespread open-source projects are often used in related research [19,26,27] and have a certain degree of representativeness, which can reduce external validity threats to a certain extent. However, we cannot ensure that the proposed method will have the same effectiveness on other projects.…”

Section: Threates To Validitymentioning

confidence: 99%

CIDFuzz: Fuzz testing for continuous integration

et al. 2023

View full text Add to dashboard Cite

As agile software development and extreme programing have become increasingly popular, continuous integration (CI) has become a widely used collaborative work method. However, it is common to make changes frequently to a project during CI. If existing testing methods are applied to CI directly, it will be difficult to make testing resources focus on changes generated by CI, which results in insufficient testing for changes. To solve this problem, we propose a fuzz testing method for CI. First, differential analysis is performed to determine the change points generated during CI, change points are added to the taint source set, and static analysis is conducted to calculate the distances between each basic block and the taint sources. Then, the project under test is instrumented according to the distances. During fuzz testing, testing resources are allocated based on seed coverage to test the change points effectively. Using the proposed methods, we implement CIDFuzz as a prototype tool, and experiments are conducted on four open-source projects that use CI. Experimental results show that, compared with AFL and AFLGo, CIDFuzz can reduce the time costs of covering change points up to 39.59% and 41.64%, respectively. Also, CIDFuzz can reduce the time costs of reproducing vulnerabilities up to 34.78% and 25.55%.

show abstract

“…At present, DGF is also mainly applied in vulnerability detection. Existing works [28][29][30][31][32][33][34] usually take the changed statements or dangerous locations as target locations. Their purposes are to generate test cases that can trigger vulnerabilities.…”

Section: Gray-box Fuzzingmentioning

confidence: 99%

“…Its main idea is to focus on interesting parts of code, rather than to spend a lot of time on undirected exploration of the whole program like coverage-based fuzzing. Previous studies [28][29][30][31][32][33][34] have shown that DGF has good practicability in the vulnerability detection. When testing large-scale programs, it can generate test cases to exercise the given targets more effectively than the coverage-based fuzzing.…”

mentioning

confidence: 99%

Constructing More Complete Control Flow Graphs Utilizing Directed Gray-Box Fuzzing

Zhu

Huang

et al. 2021

Applied Sciences

View full text Add to dashboard Cite

Control Flow Graphs (CFGs) provide fundamental data for many program analyses, such as malware analysis, vulnerability detection, code similarity analysis, etc. Existing techniques for constructing control flow graphs include static, dynamic, and hybrid analysis, which each having their own advantages and disadvantages. However, due to the difficulty of resolving indirect jump relations, the existing techniques are limited in completeness. In this paper, we propose a practical technique that applies static analysis and dynamic analysis to construct more complete control flow graphs. The main innovation of our approach is to adopt directed gray-box fuzzing (DGF) instead of coverage-based gray-box fuzzing (CGF) used in the existing approach to generate test cases that can exercise indirect jumps. We first employ a static analysis to construct the static CFGs without indirect jump relations. Then, we utilize directed gray-box fuzzing to generate test cases and resolve indirect jump relations by monitoring the execution traces of these test cases. Finally, we combine the static CFGs with indirect jump relations to construct more complete CFGs. In addition, we also propose an iterative feedback mechanism to further improve the completeness of CFGs. We have implemented our technique in a prototype and evaluated it through comparing with the existing approaches on eight benchmarks. The results show that our prototype can resolve more indirect jump relations and construct more complete CFGs than existing approaches.

show abstract

MemLock

Cited by 83 publications

References 50 publications

autofz: Automated Fuzzer Composition at Runtime

autofz: Automated Fuzzer Composition at Runtime

CIDFuzz: Fuzz testing for continuous integration

Constructing More Complete Control Flow Graphs Utilizing Directed Gray-Box Fuzzing

Contact Info

Product

Resources

About