Program State Sensitive Parallel Fuzzing for Real World Software


Bibliographic Details
Main Authors: Jiaxi Ye, Bin Zhang, Ruilin Li, Chao Feng, Chaojing Tang
Format: Article
Language: English
Published: IEEE 2019-01-01
Series: IEEE Access
Subjects: Computer security; software testing; parallel fuzzing; vulnerability
Online Access: https://ieeexplore.ieee.org/document/8668503/
ISSN: 2169-3536
Volume: 7
Pages: 42557-42564
DOI: 10.1109/ACCESS.2019.2905744
IEEE Xplore document number: 8668503
ORCID (Jiaxi Ye): https://orcid.org/0000-0001-6389-1056
Affiliation (all authors): College of Electronic Science, National University of Defense Technology, Changsha, China

Abstract
Fuzz testing is a widely used technique for software vulnerability detection, but it is still limited in finding bugs nested in deep program states. Parallel testing is an augmented method that aims to make the best use of computing resources to expose more deep program bugs. However, current parallel testing methods cannot handle task slicing well, so the parallel nodes show serious duplication with each other, decreasing the overall efficiency. For instance, the original parallel mode of the well-known fuzzer American fuzzy lop (AFL) does not split the task and just synchronizes the interesting seeds without any internal execution information. In this paper, we put forward a novel program state sensitive parallel testing method, which 1) splits the task into low-correlated subtasks according to the program states and 2) adjusts the mutation engine to confine each instance's testing to its subtask-related code region as much as possible. The objective of our method is to reduce the testing collision between parallel instances and therefore improve performance. We developed a new fuzzer called PAFL and ran experiments to investigate whether our parallel testing framework benefits from deploying multiple instances and whether it shows better path discovery than two state-of-the-art fuzzers, AFL and AFLFast. In the experiments, we ran PAFL with 1/2/4/8/16 instances to observe their path discovery and conclude that our new parallel framework benefits from using more instances. We also compared PAFL with AFL and AFLFast by employing eight parallel instances for each fuzzer, and the results prove that our tool has the best path discovery among the three fuzzers. Compared with the original parallel AFL, PAFL achieves averaged performance gains of 3.98, 3.04, 4.18, and 1.45 on c++filt, objdump, readelf, and tcpdump, respectively. In addition, we ran PAFL on binutils and libtiff and found ten new bugs.