http://dx.doi.org/10.13089/JKIISC.2020.30.6.1079

A Study of Coverage Improvement for Library Fuzzing

Kim, Seoyoung (The Affiliated Institute of ETRI)
Cho, Mingi (Information Security Lab, GSI, Yonsei University)
Kim, Jongshin (Information Security Lab, GSI, Yonsei University)
Kwon, Taekyoung (Information Security Lab, GSI, Yonsei University)
Abstract
Fuzzing is used to find vulnerabilities in a library. Because library fuzzing only exercises the functions that the fuzzing harness calls, additional functions that are not yet in the harness must be implemented in order to achieve higher code coverage. However, if a function is added without regard to the calling relationships among the library's functions, a function whose code has already been tested may be added. We propose a novel method to improve the code coverage of library fuzzing. First, we analyze the function call graph of the library so that functions are added to the harness efficiently, and we additionally implement library functions that have not yet been implemented. Then, we apply hybrid fuzzing to explore branches with complex constraints. In our experiments, we observe that the proposed method is effective in increasing code coverage on OpenSSL, mbedTLS, and Crypto++.
Keywords
Fuzzing; Library Fuzzing; Hybrid Fuzzing; Code Coverage
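As an added illustration of the call-graph step the abstract describes (this is example code written for this page, not the paper's own tool), the script below takes a constructed call graph and the functions an existing harness already calls, computes which functions are already reached transitively, and then greedily picks the API functions that would newly cover the most untested code, so that a function whose callees are already exercised is never added. The library and function names are invented.

```python
from collections import deque

# Constructed call graph of a toy crypto library (caller -> callees).
# Function names are invented for this example, not a real library's.
CALL_GRAPH = {
    "ctx_init": ["alloc_buf"],
    "encrypt": ["ctx_init", "block_cipher", "pad"],
    "decrypt": ["ctx_init", "block_cipher", "unpad"],
    "sign": ["ctx_init", "hash", "rsa_private"],
    "verify": ["ctx_init", "hash", "rsa_public"],
    "hash": ["hash_block"],
    "block_cipher": ["key_schedule"],
    "rsa_private": ["bignum_modexp"],
    "rsa_public": ["bignum_modexp"],
}


def reachable(graph, roots):
    """Every function transitively called from `roots` (roots included)."""
    seen, todo = set(), deque(roots)
    while todo:
        fn = todo.popleft()
        if fn in seen:
            continue
        seen.add(fn)
        todo.extend(graph.get(fn, []))
    return seen


def plan_harness_additions(graph, harness_entries, api_functions):
    """Greedily choose API functions to add to the fuzzing harness.

    Each round picks the candidate that reaches the most functions not yet
    covered by the harness; a candidate that adds nothing new is skipped,
    so already-tested code is never added again. Ties go to the
    alphabetically first name. Returns (function, newly covered count)."""
    covered = reachable(graph, harness_entries)
    remaining = sorted(set(api_functions) - covered)
    plan = []
    while remaining:
        gains = {fn: reachable(graph, [fn]) - covered for fn in remaining}
        best = min(remaining, key=lambda fn: (-len(gains[fn]), fn))
        if not gains[best]:
            break  # everything left is already covered: stop adding
        plan.append((best, len(gains[best])))
        covered |= gains[best]
        remaining.remove(best)
    return plan


if __name__ == "__main__":
    # The existing harness only calls encrypt(); candidates are the public API.
    api = ["encrypt", "decrypt", "sign", "verify", "ctx_init"]
    for fn, gain in plan_harness_additions(CALL_GRAPH, ["encrypt"], api):
        print(f"add {fn}: newly covers {gain} function(s)")
```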