http://dx.doi.org/10.13089/JKIISC.2019.29.4.807

Automated Applying Greybox Fuzzing to C/C++ Library Using Unit Test  

Jang, Joon Un (Graduate School of Information Security, Korea University)
Kim, Huy Kang (Graduate School of Information Security, Korea University)
Abstract
Greybox fuzzing is known as an effective method for discovering unknown security flaws residing in software and is actively researched today. However, most greybox fuzzing tools require an executable file. Because of this, a library, which cannot be executed by itself, requires an additional executable file for greybox fuzzing. Generating such an executable file is challenging because it requires an understanding of both the library and fuzzing. In this research, we propose an approach to generate an executable file automatically for a library and implement this approach as a tool based on the LLVM framework. This tool shows that executable files and seed files can be generated automatically by static/dynamic analysis of a unit test in the target project. A generated executable file is compatible with various greybox fuzzers such as AFL because it exposes a common interface for greybox fuzzers. We evaluate the performance of this tool by the code coverage achieved and by the previously unknown security bugs discovered using executable files and seed files generated from open source projects with this tool.
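To make the abstract's idea concrete, the following added example (written for this page, not the paper's tool or its output) shows the three pieces the tool derives from a unit test: the library call pattern, a seed taken from the test's literal input, and a harness exposing the common fuzzer-facing entry point `LLVMFuzzerTestOneInput`, which libFuzzer calls directly and which an AFL-style file-reading `main` can drive as well. The library (`parse_record`), the unit test, the seed string and the `LIBFUZZER_BUILD` macro are all constructed for the illustration and are not taken from any real project.

```cpp
// Added example, not the paper's code: a library, the unit test a harness
// generator would analyse, and the resulting fuzzer-facing harness.
// All names here are constructed for illustration.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// --- Library under test (constructed): parses one "key=value" record.
struct Record { std::string key; std::string value; };

// Returns true on success; rejects empty input, empty keys and a missing '='.
bool parse_record(const uint8_t* data, size_t len, Record& out) {
    if (data == nullptr || len == 0) return false;
    const uint8_t* eq = static_cast<const uint8_t*>(std::memchr(data, '=', len));
    if (eq == nullptr || eq == data) return false;
    size_t key_len = static_cast<size_t>(eq - data);
    out.key.assign(reinterpret_cast<const char*>(data), key_len);
    out.value.assign(reinterpret_cast<const char*>(eq + 1), len - key_len - 1);
    return true;
}

// --- The unit test as it exists in the project: this is what the generator
// mines for the call pattern (which API, which argument types) and the seed.
static const char kUnitTestInput[] = "user=alice";   // constructed literal

bool unit_test_parse_record() {
    Record r;
    if (!parse_record(reinterpret_cast<const uint8_t*>(kUnitTestInput),
                      sizeof(kUnitTestInput) - 1, r)) return false;
    return r.key == "user" && r.value == "alice";
}

// --- Seed extraction: the test's literal argument becomes the initial corpus.
std::vector<uint8_t> seed_from_unit_test() {
    return std::vector<uint8_t>(kUnitTestInput,
                                kUnitTestInput + sizeof(kUnitTestInput) - 1);
}

// --- Generated harness: the same call pattern as the unit test, but driven
// by fuzzer-supplied bytes. Crashes and sanitizer reports are the signal.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    Record r;
    (void)parse_record(data, size, r);
    return 0;
}

// --- AFL-style driver: read one file and hand it to the same entry point, so
// one harness serves both libFuzzer and file-based fuzzers such as AFL.
int run_file(const char* path) {
    std::FILE* f = std::fopen(path, "rb");
    if (f == nullptr) return 1;
    std::vector<uint8_t> buf;
    uint8_t chunk[4096];
    size_t n;
    while ((n = std::fread(chunk, 1, sizeof chunk, f)) > 0)
        buf.insert(buf.end(), chunk, chunk + n);
    std::fclose(f);
    return LLVMFuzzerTestOneInput(buf.data(), buf.size());
}

// libFuzzer supplies its own main, so this one is compiled out in that build
// (LIBFUZZER_BUILD is a constructed macro name for this example).
#ifndef LIBFUZZER_BUILD
int main(int argc, char** argv) {
    if (argc > 1) return run_file(argv[1]);
    // Stand-alone run: confirm the unit test still passes, then run the seed.
    std::vector<uint8_t> seed = seed_from_unit_test();
    bool ok = unit_test_parse_record() &&
              LLVMFuzzerTestOneInput(seed.data(), seed.size()) == 0;
    return ok ? 0 : 1;
}
#endif
```

The harness deliberately mirrors the unit test's call rather than inventing a new one: the test already encodes a valid way to invoke the library, so reusing it keeps the fuzzer inside the API's intended contract while the seed gives coverage-guided fuzzers a starting input that already reaches the parser's success path. Built with a sanitizer such as AddressSanitizer, memory errors in `parse_record` surface as crashes regardless of which fuzzer drives the entry point.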
Keywords
security testing; greybox fuzzing; library fuzzing;