Registered user since Thu 7 Nov 2019
C has been regarded as a dominant programming language for system software implementation. Meanwhile, it often suffers from various memory vulnerabilities due to its low-level memory control. Many approaches have been proposed to enhance memory security, among which Coverage-based Greybox Fuzzing (CGF) is considered effective because of its practicality and satisfactory vulnerability detection ability. However, CGF identifies vulnerabilities by verifying detected crashes, and thus cannot detect vulnerabilities that do not cause a crash. In this paper, we propose tracing pointer metadata (status, bounds and referents) to detect a wider variety of vulnerabilities. Additionally, since pointers in C are often directly related to memory operations, we design two standards that further use pointer metadata to guide CGF, steering the fuzzing process toward the vulnerable parts of programs.
NIER Track
Tue 11 Oct 2022 12:20 - 12:30 at Banquet B - Technical Session 3 - Fuzzing I
Chair(s): Aravind Machiry

Coverage-guided greybox fuzzing is regarded as a practical approach to detecting software vulnerabilities; it aims to expand code coverage as much as possible. A common implementation assigns more energy to seeds that find new edges in less execution time. However, considering only new edges may be less effective, because hard-to-find branches often sit in the complex code of a program. Code complexity is one of the key indicators for measuring code security: compared to code with a simple structure, a program with higher code complexity is more likely to expose more branches and to cause security problems. To this end, we propose a novel fuzzing method that further uses code complexity to optimize the power schedule process in AFL (American Fuzzy Lop) and AFLFAST (American Fuzzy Lop Fast). The goal of our method is to generate inputs that are more biased toward the code of higher complexity in the program under test. In addition, we conduct a preliminary empirical study on three widely used real-world programs, and the experimental results show that the proposed approach can trigger more crashes as well as improve coverage discovery.
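The complexity-weighted power schedule described in the second abstract, sketched as an added Python example that is not the authors' implementation: the edge/speed part follows the shape of AFL's calculate_score, while the per-function complexity table, the breakpoints and the clamping range are assumptions.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Seed:
    name: str
    exec_us: float            # execution time of this input in microseconds
    edges: int                # number of coverage-map edges this input hits
    covered_funcs: frozenset  # functions the input executes (constructed)


# Constructed cyclomatic-complexity table for a hypothetical target program.
COMPLEXITY = {"parse_header": 12, "parse_body": 25, "checksum": 3, "usage": 1}


def base_score(seed, avg_us, avg_edges):
    """Edge/time part of the schedule, in the spirit of AFL's calculate_score:
    faster-than-average inputs and inputs covering more edges get more energy.
    The breakpoints below are an assumption, not AFL's exact constants."""
    score = 100.0
    speed = avg_us / seed.exec_us          # > 1 means faster than average
    if speed >= 4:      score *= 3
    elif speed >= 2:    score *= 2
    elif speed <= 0.25: score *= 0.25
    elif speed <= 0.5:  score *= 0.5
    cov = seed.edges / avg_edges           # > 1 means above-average coverage
    if cov >= 2:        score *= 3
    elif cov >= 1.5:    score *= 2
    elif cov <= 0.5:    score *= 0.5
    return score


def seed_complexity(seed):
    """Mean complexity of the functions this seed reaches (0 if none)."""
    return mean(COMPLEXITY[f] for f in seed.covered_funcs) if seed.covered_funcs else 0


def complexity_weight(seed, avg_complexity):
    """Complexity-guided factor relative to the corpus mean, clamped to [0.5, 2]."""
    return max(0.5, min(2.0, seed_complexity(seed) / avg_complexity))


def schedule(seeds):
    """Return {seed name: integer energy} for one queue cycle."""
    avg_us = mean(s.exec_us for s in seeds)
    avg_edges = mean(s.edges for s in seeds)
    avg_complexity = mean(seed_complexity(s) for s in seeds)
    return {s.name: round(base_score(s, avg_us, avg_edges) * complexity_weight(s, avg_complexity))
            for s in seeds}


# Constructed corpus: A and B are equally fast with equal coverage and differ only
# in the complexity of the code they reach; C is slow and reaches trivial code.
SEEDS = [Seed("A", 100, 10, frozenset({"usage"})),
         Seed("B", 100, 10, frozenset({"parse_header", "parse_body"})),
         Seed("C", 400, 10, frozenset({"checksum"}))]
```

With the corpus above, seed B receives four times the energy of seed A although the classic edge/speed schedule would score them identically.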