Integrating Directed-Based Fuzzing with AFL++ in QEMU Mode

  • Jin-myung Choi (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University)
  • Hyunjun Kim (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University)
  • Martin Kayondo (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University)
  • Yun-heung Paek (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University)
  • Published: 2024.05.23

Abstract

Fuzzing is widely used as a testing tool to identify vulnerabilities in software programs. Although AFL++ has emerged to facilitate the integration and development of many fuzzers, numerous advanced fuzzing techniques have still not been incorporated into it. Among these, we have integrated state-of-the-art directed-based fuzzing techniques into AFL++ so that they operate in QEMU mode.

Keywords

Funding

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (RS-2023-00277326); the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-01840, Analysis on technique of accessing and acquiring user data in smartphone); the BK21 FOUR program of the Education and Research Program for Future ICT Pioneers, Seoul National University in 2024; the Institute of Information & Communications Technology Planning & Evaluation (IITP) under the artificial intelligence semiconductor support program to nurture the best talents (IITP-2023-RS-2023-00256081) grant funded by the Korea government (MSIT); and the Inter-University Semiconductor Research Center (ISRC).
