poster

Poster: Directed Hybrid Fuzzing on Binary Code

Authors:

Juhwan Kim,

Joobeom YunAuthors Info & Claims

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Pages 2637 - 2639

https://doi.org/10.1145/3319535.3363275

Published: 06 November 2019 Publication History

Get Access

Abstract

Hybrid fuzzers combine both fuzzing and concolic execution with the wish that the fuzzer will quickly explore input spaces and the concolic execution will solve the complex path conditions. However, existing hybrid fuzzers such as Driller cannot be effectively directed, for instance, towards unsafe system calls or suspicious locations, or towards functions in the call stack of a reported vulnerability that we wish to reproduce. In this poster, we propose DrillerGO, a directed hybrid fuzzing system, to mitigate this problem. It mainly consists of a static analysis and a dynamic analysis module. In the static analysis, it searches suspicious API call strings in the recovered control flow graph (CFG). After targeting some suspicious API call lines, it runs the concolic execution along with path guiding. The path guiding is helped by backward pathfinding, which is a novel technique to find paths backward from the target to the start of main(). Also, we will show that DrillerGo can find the crashes faster than Driller through experimental results.

References

[1]

P. Oehlert, “Violating assumptions with fuzzing,” IEEE Security Privacy, vol. 3, no. 2, pp. 58--62, 2005.

Digital Library

Google Scholar

[2]

M. Zalewski, “American fuzzy lop.” http://lcamtuf.coredump.cx/afl/.

Google Scholar

[3]

C. Cadar, D. Dunbar, and D. R. Engler, “Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs,” In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2008.

Google Scholar

[4]

R. Majumdar and K. Sen, “Hybrid concolic testing,” In Proceedings of the 29th International Conference on Software Engineering (ICSE), 2007.

Digital Library

Google Scholar

[5]

N. Stephens, J. Grosen, C. Salls, A. Dutcher, R. Wang, J. Corbetta, Y. Shoshitaishvili, C. Kruegel, and G. Vigna, “Driller: Augmenting fuzzing through selective symbolic execution,” In Proceedings of the Symposium on Network and Distributed System Security, 2016.

Google Scholar

[6]

“Darpa cyber grand challenge.” https://github.com/cybergrandchallenge/.

Google Scholar

[7]

Y. Shoshitaishvili, R. Wang, C. Salls, N. Stephens, M. Polino, A. Dutcher, J. Grosen, S. Feng, C. Hauser, C. Kruegel, and G. Vigna, “(state of) the art of war: Offensive techniques in binary analysis,” In Proceedings of the IEEE Symposium on Security and Privacy, 2016.

Crossref

Google Scholar

[8]

“Common vulnerabilities and exposures.” https://cve.mitre.org/.

Google Scholar

[9]

L. team, “libfuzzer - a library for coverage-guided fuzz testing.” https://llvm.org/docs/LibFuzzer.html.

Google Scholar

[10]

I. Yun, S. Lee, M. Xu, Y. Jang, and T. Kim, “Qsym: A practical concolic execution engine tailored for hybrid fuzzing,” In Proceedings of the USENIX Security Symposium, 2018.

Google Scholar

Cited By

View all

Du CGuo YFeng YZheng S(2024)HotCFuzz: Enhancing Vulnerability Detection through Fuzzing and Hotspot Code Coverage AnalysisElectronics10.3390/electronics1310190913:10(1909)Online publication date: 13-May-2024
https://doi.org/10.3390/electronics13101909
Kim JYu JLee YKim DYun J(2024)HD-FUZZ: Hardware dependency-aware firmware fuzzing via hybrid MMIO modelingJournal of Network and Computer Applications10.1016/j.jnca.2024.103835224(103835)Online publication date: Apr-2024
https://doi.org/10.1016/j.jnca.2024.103835
Kim HLee D(2024)CatchFuzz: Reliable active anti-fuzzing techniques against coverage-guided fuzzerComputers & Security10.1016/j.cose.2024.103904143(103904)Online publication date: Aug-2024
https://doi.org/10.1016/j.cose.2024.103904
Show More Cited By

Index Terms

Poster: Directed Hybrid Fuzzing on Binary Code
1. Security and privacy
  1. Software and application security

Recommendations

A Survey of Hybrid Fuzzing based on Symbolic Execution
CIAT 2020: Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies

Fuzzing has now developed into an efficient method of vulnerability mining. Symbolic execution is also a popular software vulnerability mining technology. Both are research hotspots in the field of network and information security. Hybrid fuzzing is the ...
Improving function coverage with munch: a hybrid fuzzing and directed symbolic execution approach
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all ...
Dr.PathFinder: hybrid fuzzing with deep reinforcement concolic execution toward deeper path-first search
Abstract
Fuzzing is an effective approach to discover bugs in programs, especially memory corruption bugs, using randomly generated test cases. However, without prior knowledge of the target program, the fuzzer can generate only a limited number of test ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

November 2019

2755 pages

ISBN:9781450367479

DOI:10.1145/3319535

General Chairs:
Lorenzo Cavallaro
King's College London, UK
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chairs:
XiaoFeng Wang
Indiana University, USA
,
Jonathan Katz
George Mason University, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2019

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

the Basic Science Research Program through the National Research Foundation of Korea (NRF)
the MSIT(Ministry of Science and ICT), Korea, under the ITRC(Information Technology Research Center)

Conference

CCS '19

Sponsor:

SIGSAC

CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security

November 11 - 15, 2019

London, United Kingdom

Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
637
Total Downloads

Downloads (Last 12 months)77
Downloads (Last 6 weeks)6

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Du CGuo YFeng YZheng S(2024)HotCFuzz: Enhancing Vulnerability Detection through Fuzzing and Hotspot Code Coverage AnalysisElectronics10.3390/electronics1310190913:10(1909)Online publication date: 13-May-2024
https://doi.org/10.3390/electronics13101909
Kim JYu JLee YKim DYun J(2024)HD-FUZZ: Hardware dependency-aware firmware fuzzing via hybrid MMIO modelingJournal of Network and Computer Applications10.1016/j.jnca.2024.103835224(103835)Online publication date: Apr-2024
https://doi.org/10.1016/j.jnca.2024.103835
Kim HLee D(2024)CatchFuzz: Reliable active anti-fuzzing techniques against coverage-guided fuzzerComputers & Security10.1016/j.cose.2024.103904143(103904)Online publication date: Aug-2024
https://doi.org/10.1016/j.cose.2024.103904
Lin PWang PZhou XXie WLu KZhang G(2024)HyperGo: Probability-based Directed Hybrid FuzzingComputers & Security10.1016/j.cose.2024.103851(103851)Online publication date: Apr-2024
https://doi.org/10.1016/j.cose.2024.103851
Benahmed SQasem ALounis ADebbabi M(2024)Modularizing Directed Greybox Fuzzing for Binaries over Multiple CPU ArchitecturesDetection of Intrusions and Malware, and Vulnerability Assessment10.1007/978-3-031-64171-8_5(84-103)Online publication date: 9-Jul-2024
https://doi.org/10.1007/978-3-031-64171-8_5
Luo CMeng WLi P(2023)SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179296(2693-2707)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179296
Bai WWu KWu QLu K(2023)Guiding Directed Fuzzing with Feasibility2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00010(42-49)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00010
Wang PZhou XYue TLin PLiu YLu K(2023)The progress, challenges, and perspectives of directed greybox fuzzingSoftware Testing, Verification and Reliability10.1002/stvr.186934:2Online publication date: 14-Dec-2023
https://doi.org/10.1002/stvr.1869
Zhang LLian KXiao HZhang ZLiu PZhang YYang MDuan H(2022)Exploit the Last Straw That Breaks Android Systems2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833563(2230-2247)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833563
Yu LLu YShen YLi YPan Z(2022)Vulnerability-oriented directed fuzzing for binary programsScientific Reports10.1038/s41598-022-07355-512:1Online publication date: 11-Mar-2022
https://doi.org/10.1038/s41598-022-07355-5
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A Survey of Hybrid Fuzzing based on Symbolic Execution

Improving function coverage with munch: a hybrid fuzzing and directed symbolic execution approach

Dr.PathFinder: hybrid fuzzing with deep reinforcement concolic execution toward deeper path-first search