http://dx.doi.org/10.13089/JKIISC.2021.31.4.587

Automated Building Fuzzing Environment Using Test Framework

Ryu, Minsoo (School of Cybersecurity, Korea University)
Kim, Dong Young (School of Cybersecurity, Korea University)
Jeon, Sanghoon (School of Cybersecurity, Korea University)
Kim, Huy Kang (School of Cybersecurity, Korea University)
Abstract
Because a library cannot be run on its own yet is used by many applications, detecting vulnerabilities in libraries is important. Fuzzing, a dynamic analysis technique, is used to discover such vulnerabilities. Although fuzzing shows excellent results in terms of code coverage and unique crash counts, it is difficult to carry those results over to library fuzzing. In particular, library fuzzing needs a fuzzing executable and a seed corpus: the executable must exercise the library code by calling a specific function sequence and passing the fuzzer's input to it so that the library's various states are reproduced. Generating such a fuzzing environment (the fuzzing executable and the seed corpus) is challenging because it requires both an understanding of the library and fuzzing expertise. We propose a novel method that improves the ease of library fuzzing and enhances code coverage and crash detection performance by using a test framework. The system's performance was evaluated on nine open-source libraries and verified through comparison with previous studies.
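The abstract describes the two artifacts a library fuzzing environment needs: a fuzzing executable that replays a specific function sequence with the fuzzer's bytes as input, and a seed corpus. The following is an added example written for this page, not code from the paper or from the FuzzBuilderEx project: it shows the shape of such a harness in the libFuzzer convention (`LLVMFuzzerTestOneInput` is the real libFuzzer entry point). The library `toylib` (`tl_create`, `tl_feed`, `tl_finish`, `tl_destroy`) is a constructed stand-in so the file is self-contained, and the seed inputs stand in for the fixed inputs a unit test would already contain; the real paper targets nine open-source libraries whose sequences come from their test frameworks.

```c
/* Added example (not the paper's code): a libFuzzer-style harness that keeps
 * a unit test's call sequence but feeds it the fuzzer's input.
 * "toylib" below is a constructed stand-in library, not a real project. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* --- constructed stand-in library ------------------------------------- */
typedef struct { uint8_t *buf; size_t len; size_t cap; int finished; } tl_ctx;

tl_ctx *tl_create(void) { return calloc(1, sizeof(tl_ctx)); }

/* Append bytes to the context; returns 0 on success, -1 on misuse/OOM. */
int tl_feed(tl_ctx *c, const uint8_t *d, size_t n) {
    if (!c || c->finished) return -1;
    if (n == 0) return 0;
    if (c->len + n > c->cap) {
        size_t ncap = (c->len + n) * 2 + 16;
        uint8_t *nb = realloc(c->buf, ncap);
        if (!nb) return -1;
        c->buf = nb;
        c->cap = ncap;
    }
    memcpy(c->buf + c->len, d, n);
    c->len += n;
    return 0;
}

/* Finish the context: returns the byte sum of everything fed, -1 on misuse. */
long tl_finish(tl_ctx *c) {
    if (!c || c->finished) return -1;
    c->finished = 1;
    long sum = 0;
    for (size_t i = 0; i < c->len; i++) sum += c->buf[i];
    return sum;
}

void tl_destroy(tl_ctx *c) { if (c) { free(c->buf); free(c); } }

/* --- the function sequence lifted from a unit test -------------------- */
/* A test case usually reads create -> feed -> finish -> destroy with a fixed
 * input. The harness keeps that sequence and substitutes the fuzzer's bytes.
 * The library result is returned so a test can check the sequence itself. */
long run_sequence(const uint8_t *data, size_t size) {
    tl_ctx *c = tl_create();
    if (!c) return -1;
    long result = -1;
    /* Split the input into two feeds so the partially-filled state is exercised too. */
    size_t half = size / 2;
    if (tl_feed(c, data, half) == 0 && tl_feed(c, data + half, size - half) == 0)
        result = tl_finish(c);
    tl_destroy(c);
    return result;
}

/* libFuzzer entry point: this is the "fuzzing executable" of the abstract. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)run_sequence(data, size);
    return 0;
}

/* Seed corpus: the fixed inputs the unit tests already used (constructed here). */
static const char *const seed_inputs[] = { "", "abc", "hello, world" };
enum { SEED_COUNT = sizeof seed_inputs / sizeof seed_inputs[0] };

/* Replays every seed through the harness; returns the number of seeds processed. */
int replay_seed_corpus(void) {
    int n = 0;
    for (int i = 0; i < SEED_COUNT; i++) {
        const uint8_t *p = (const uint8_t *)seed_inputs[i];
        if (LLVMFuzzerTestOneInput(p, strlen(seed_inputs[i])) == 0) n++;
    }
    return n;
}

/* Stand-alone run: replay the seed corpus once (a fuzzer would loop forever). */
int main(void) { return replay_seed_corpus() == SEED_COUNT ? 0 : 1; }
```

Compiled with `clang -fsanitize=fuzzer,address` (and `main` removed, since libFuzzer supplies its own), the same file becomes the fuzz target, and the seed strings written out as files form the initial corpus; the point of the paper's approach is that both pieces can be derived from the existing test framework rather than written by hand.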
Keywords
Library Fuzzing; Automation; Test Framework;