Smart Greybox Fuzzing
Pham, Van-Thuan Bohme, Marcel Santosa, Andrew E Caciulescu, Alexandru Razvan Roychoudhury, Abhik
Bohme, Marcel
Caciulescu, Alexandru Razvan
Citations
Altmetric:
Alternative Title
Abstract
Coverage-based greybox fuzzing (CGF) is one of the most successful approaches for automated vulnerability detection. Given a seed file (as a sequence of bits), a CGF randomly flips, deletes or copies some bits to generate new files. CGF iteratively constructs (and fuzzes) a seed corpus by retaining those generated files which enhance coverage. However, random bitflips are unlikely to produce valid files (or valid chunks in files), for applications processing complex file formats. In this work, we introduce smart greybox fuzzing (SGF) which leverages a high-level structural representation of the seed file to generate new files. We define innovative mutation operators that work on the virtual file structure rather than on the bit level which allows SGF to explore completely new input domains while maintaining file validity. We introduce a novel validity-based power schedule that enables SGF to spend more time generating files that are more likely to pass the parsing stage of the program, which can expose vulnerabilities much deeper in the processing logic. Our evaluation demonstrates the effectiveness of SGF. On several libraries that parse complex chunk-based files, our tool AFLsmart achieves substantially more branch coverage (up to 87 percent improvement) and exposes more vulnerabilities than baseline AFL. Our tool AFLsmart discovered 42 zero-day vulnerabilities in widely-used, well-tested tools and libraries; 22 CVEs were assigned.
Keywords
Science & Technology, Technology, Computer Science, Software Engineering, Engineering, Electrical & Electronic, Computer Science, Engineering, Fuzzing, Computer bugs, Libraries, Tools, Dictionaries, Open area test sites, Schedules, Vulnerability detection, smart fuzzing, automated testing, file format, grammar, input structure
Source Title
IEEE Transactions on Software Engineering
Publisher
Institute of Electrical and Electronics Engineers
Series/Report No.
Collections
Rights
Date
2021-09-01
DOI
10.1109/TSE.2019.2941681
Type
Article