Towards Tightly-coupled Hybrid Fuzzing via Excavating Input Specifications
IEEE Transactions on Dependable and Secure Computing (2024)
Abstract
Hybrid fuzzing, which combines fuzzing and concolic execution based on the observation that these two techniques are complementary, has recently become a research focus. Several hybrid fuzzing studies have shown that concolic execution can assist fuzzing in exploring deeper program states and discovering more vulnerabilities. Despite these advances, most existing techniques employ a result-oriented scheme in which fuzzing and concolic execution cooperate only by synchronizing generated test cases. Such cooperation underuses the sophisticated analysis that concolic execution performs on the program. Based on the observation that concolic execution produces abundant program states that are worth investigating to improve the performance of hybrid fuzzing, we propose a tightly-coupled hybrid fuzzing technique that excavates input specifications from concolic execution. Specifically, we define and excavate three input specification types: critical region, critical value, and type inference. We further design new fuzzing mutation algorithms that leverage them to guide the exploration of program states. We implement three prototypes, Gear-Driller, Gear-DigFuzz and Gear-QSYM, on top of Driller, DigFuzz and QSYM, respectively. Experimental results show that Gear-Driller, Gear-DigFuzz and Gear-QSYM outperform Driller, DigFuzz and QSYM with larger code coverage, more discovered vulnerabilities, and higher efficiency in finding vulnerabilities.
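As an added illustration that is not the paper's code, the toy below shows how the three excavated specification types could steer mutation: a constructed target with a magic header, a typed size field and a tag, a hand-written list of specifications standing in for what a concolic executor would excavate from its path constraints, and a spec-guided mutation compared with blind byte flips. The `InputSpec` structure, the `target` parser and all function names are assumptions made for this example.

```python
import random
import struct
from dataclasses import dataclass

# Constructed toy target: magic header, u32 size, u16 tag. Returns depth reached.
def target(data: bytes) -> int:
    if data[:4] != b"GEAR":                      # critical region [0,4), value b"GEAR"
        return 0
    if len(data) < 10:
        return 1
    if struct.unpack_from("<I", data, 4)[0] != 0x1000:   # u32 LE at [4,8), value 0x1000
        return 1
    if struct.unpack_from("<H", data, 8)[0] != 0xBEEF:   # u16 LE at [8,10), value 0xBEEF
        return 2
    return 3

@dataclass
class InputSpec:
    offset: int    # critical region start
    fmt: str       # inferred type as a struct format ("4s", "<I", "<H")
    value: object  # critical value taken from the path constraint

# Constructed stand-in for what a concolic executor would excavate from `target`.
SPECS = [InputSpec(0, "4s", b"GEAR"), InputSpec(4, "<I", 0x1000),
         InputSpec(8, "<H", 0xBEEF)]

def spec_guided_mutate(seed: bytes, specs) -> bytes:
    """Write each critical value into its critical region using the inferred type."""
    buf = bytearray(seed)
    for s in specs:
        packed = struct.pack(s.fmt, s.value)
        end = s.offset + len(packed)
        if len(buf) < end:                       # grow the buffer if the region lies past it
            buf.extend(b"\0" * (end - len(buf)))
        buf[s.offset:end] = packed
    return bytes(buf)

def random_byte_flip(seed: bytes, rng: random.Random) -> bytes:
    """Blind mutation: overwrite one random byte with a random value."""
    buf = bytearray(seed)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def compare(seed: bytes, trials: int = 1000, rng_seed: int = 0):
    """Best depth over `trials` blind flips vs. depth of one spec-guided mutation."""
    rng = random.Random(rng_seed)
    best_blind = max(target(random_byte_flip(seed, rng)) for _ in range(trials))
    return best_blind, target(spec_guided_mutate(seed, SPECS))
```

On an all-zero 16-byte seed, `compare` returns `(0, 3)`: single-byte blind flips never pass the four-byte magic check, while one spec-guided mutation reaches the deepest branch.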
Keywords
Concolic execution, fuzzing, hybrid fuzzing, software security