CrFuzz: Fuzzing Multi-purpose Programs through Input Validation
Fuzz testing has been proved its effectiveness in discovering
software vulnerabilities. Empowered its randomness nature along
with a coverage-guiding feature, fuzzing has been identified a vast
number of vulnerabilities in real-world programs. This paper begins
with an observation that the design of the current state-of-the-art
fuzzers is not well suited for a particular (but yet important) set
of software programs. Specifically, current fuzzers have limitations
in fuzzing programs serving multiple purposes, where each purpose is
controlled by extra options.
This paper proposes CrFuzz, which overcomes this limitation.
CrFuzz designs a clustering analysis to automatically predict if
a newly given input would be accepted or not by a target program.
Exploiting this prediction capability, CrFuzz is designed to
efficiently explore the programs with multiple purposes. We employed
CrFuzz for three state-of-the-art fuzzers, AFL, QSYM, and MOpt,
and CrFuzz-augmented versions have shown 19.3% and 5.68% better path
and edge coverage on average. More importantly, during two weeks of
long-running experiments, CrFuzz discovered 277 previously unknown
vulnerabilities where 212 of those are already confirmed and fixed
by the respected vendors. We would like to emphasize that many of
these vulnerabilities were discoverd from FFMpeg, ImageMagick, and
Graphicsmagick, all of which are targets of Google's OSS-Fuzz project
and thus heavily fuzzed for last three years by far. Nevertheless,
CrFuzz identified a remarkable number of vulnerabilities, demonstrating
its effectiveness of vulnerability finding capability.
Tue 10 Nov Times are displayed in time zone: (UTC) Coordinated Universal Time change
| 08:00 - 08:02 Talk | Boosting Fuzzer Efficiency: An Information Theoretic PerspectiveACM SIGSOFT Distinguished Paper Award Research Papers Marcel BöhmeMonash University, Australia, Valentin ManèsKAIST, South Korea, Sang Kil ChaKAIST, South Korea DOI | ||
| 08:03 - 08:04 Talk | CrFuzz: Fuzzing Multi-purpose Programs through Input Validation Research Papers Suhwan SongSeoul National University, South Korea, Chengyu SongUniversity of California at Riverside, USA, Yeongjin JangOregon State University, USA, Byoungyoung LeeSeoul National University, South Korea DOI | ||
| 08:05 - 08:06 Talk | Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing Research Papers Muhammad Numair MansurMPI-SWS, Germany, Maria ChristakisMPI-SWS, Valentin WüstholzConsenSys, Fuyuan ZhangMPI-SWS, Germany DOI Pre-print | ||
| 08:07 - 08:08 Talk | Fuzzing: On the Exponential Cost of Vulnerability Discovery Research Papers DOI | ||
| 08:09 - 08:10 Talk | Harvey: A Greybox Fuzzer for Smart Contracts Industry Papers DOI Pre-print | ||
| 08:11 - 08:12 Talk | Intelligent REST API Data Fuzzing Research Papers Patrice GodefroidMicrosoft Research, USA, Bo-Yuan HuangPrinceton University, USA, Marina PolishchukMicrosoft Research, USA DOI | ||
| 08:13 - 08:14 Talk | MTFuzz: Fuzzing with a Multi-task Neural Network Research Papers Dongdong SheColumbia University, USA, Rahul KrishnaColumbia University, USA, Lu YanShanghai Jiao Tong University, China, Suman JanaColumbia University, USA, Baishakhi RayColumbia University, USA DOI Pre-print | ||
| 08:15 - 08:30 Talk | Conversations on Fuzzing Research Papers Dongdong SheColumbia University, USA, Muhammad Numair MansurMPI-SWS, Germany, Marcel BöhmeMonash University, Australia, Suhwan SongSeoul National University, South Korea, Valentin WüstholzConsenSys, M: Mike PapadakisUniversity of Luxembourg, Luxembourg | ||