Practical Advances in Fuzzing - Anti-fuzzing, Benchmark, and Directed Fuzzing

(Chinese title: Practical Advances in Fuzzing - Anti-fuzzing, Benchmark Sets, and Directed Fuzzing)

Student thesis: Doctoral Thesis

Award date: 13 Jun 2024

Abstract

Fuzzing is commonly considered one of the most successful techniques for discovering vulnerabilities. It is an old software testing technique that has been under development for almost three decades, and revolutionary designs for conventional fuzzers are almost exhausted. Researchers are therefore shifting their attention from improving fuzzing efficiency to supporting specific applications related to fuzzing. This thesis explores three emerging directions of fuzzing and presents the practical advances we have made in each. First, we leverage the fine-grained block identification performed by binary-only fuzzers to design a lightweight fake-block mechanism for anti-fuzzing, together with novel methods for detecting binary-only fuzzing. Second, we observe a challenge with synthetic benchmarks: they overlook hidden constraints, e.g., bugs that are triggered only when specific data flows are satisfied. To address this, we design a transformation from ordinary constraints to integer-overflow-based hidden constraints so that real-world bugs are modelled more accurately. Finally, we identify the inefficient exploitation strategy of existing directed grey-box fuzzers, which waste much energy on insignificant paths. Our solution, "constrained fuzzing", prunes every path that is insignificant to exploiting the bug and focuses fuzzing on the path to the target block. We have evaluated all prototypes against state-of-the-art benchmarks and related targets and demonstrated the effectiveness and usability of our tools.

Research areas

- Fuzzing, Software testing, Anti-fuzzing, Vulnerability Detection