FOT: A Versatile, Configurable, Extensible Fuzzing Framework


FOT: A Versatile, Configurable, Extensible Fuzzing Framework
Hongxu Chen, Yuekang Li, Bihuan Chen, Yinxing Xue, Yang Liu

Contents
Background & Motivation
Design & Implementation
Extension & Evaluation
Conclusion

What is fuzzing?
The basic idea is to feed the program under test (PUT) with a large amount of (randomly) generated inputs and observe whether the PUT exhibits any abnormal behavior.
Abnormal behaviors: crash, timeout, ...

What is greybox fuzzing?
Blackbox fuzzing: knows nothing about the program internals; just feeds the PUT with random inputs.
Whitebox fuzzing: often refers to symbolic execution; relies on heavy-weight techniques.
Blackbox fuzzing lacks effectiveness. Whitebox fuzzing lacks scalability.

What is greybox fuzzing?
Use light-weight program instrumentation to extract program execution information.
Extract ONLY the needed information: coverage, target location, ...
Best of both worlds: effective and scalable.
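The contrast on this slide, as an added example that is not FOT's code: a coverage-guided (greybox) loop and a blackbox loop run against the same hypothetical instrumented target. The target, its edge ids, the simulated bug, the mutation operators and the seeded xorshift RNG are all assumptions for illustration. Each matched byte of the target's four-byte magic header is a new edge, so the greybox loop keeps the partial match in its corpus and climbs to the crash one byte at a time; the blackbox loop has to guess all four bytes in one draw.

```rust
// Added example, not FOT's code: a minimal coverage-guided (greybox) loop
// beside a blackbox loop, both against the same hypothetical instrumented
// target. No external crates; the RNG is a seeded xorshift so runs repeat.
use std::collections::HashSet;

#[derive(Debug, PartialEq)]
pub enum Outcome { Ok, Crash }

/// Hypothetical PUT. `cov` is called with an edge id at every branch, which
/// is what a compile-time instrumentation pass would write into a bitmap.
/// The simulated bug: a length byte taken from the input is trusted.
pub fn put(input: &[u8], cov: &mut dyn FnMut(u32)) -> Outcome {
    const MAGIC: &[u8; 4] = b"FOT!";
    for (i, &m) in MAGIC.iter().enumerate() {
        if input.get(i) != Some(&m) {
            cov(1000 + i as u32); // edge: mismatch at byte i
            return Outcome::Ok;
        }
        cov(i as u32); // edge: byte i matched
    }
    cov(4);
    let len = input.get(4).copied().unwrap_or(0) as usize;
    if len > input.len() {
        cov(5);
        return Outcome::Crash; // would be an out-of-bounds read in C
    }
    Outcome::Ok
}

/// Seeded xorshift64 so the experiment is deterministic.
pub struct Rng(u64);
impl Rng {
    pub fn new(seed: u64) -> Self { Rng(seed.max(1)) }
    pub fn next(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        self.0 = x;
        x
    }
    pub fn below(&mut self, n: usize) -> usize { (self.next() % n as u64) as usize }
}

/// Havoc-style mutation: 1..4 random overwrite / insert / delete operations.
pub fn mutate(rng: &mut Rng, parent: &[u8]) -> Vec<u8> {
    let mut out = parent.to_vec();
    for _ in 0..1 + rng.below(4) {
        match rng.below(3) {
            0 if !out.is_empty() => { let i = rng.below(out.len()); out[i] = rng.next() as u8; }
            1 if out.len() < 32 => { let i = rng.below(out.len() + 1); out.insert(i, rng.next() as u8); }
            2 if out.len() > 1 => { let i = rng.below(out.len()); out.remove(i); }
            _ => {}
        }
    }
    out
}

/// Greybox: every input that reaches a new edge joins the corpus and is
/// mutated later; the only feedback kept is the set of edge ids seen.
/// Returns (iteration, crashing input) if a crash is found within `budget`.
pub fn greybox(budget: usize, seed: u64) -> Option<(usize, Vec<u8>)> {
    let mut rng = Rng::new(seed);
    let mut corpus: Vec<Vec<u8>> = vec![vec![0u8; 8]];
    let mut seen: HashSet<u32> = HashSet::new();
    for iter in 1..=budget {
        let parent = corpus[rng.below(corpus.len())].clone();
        let input = mutate(&mut rng, &parent);
        let mut trace = Vec::new();
        let outcome = put(&input, &mut |e: u32| trace.push(e));
        if outcome == Outcome::Crash {
            return Some((iter, input));
        }
        let mut new_edge = false;
        for e in trace { new_edge |= seen.insert(e); }
        if new_edge { corpus.push(input); }
    }
    None
}

/// Blackbox: fresh random bytes every time, nothing learned between runs.
pub fn blackbox(budget: usize, seed: u64) -> Option<(usize, Vec<u8>)> {
    let mut rng = Rng::new(seed);
    for iter in 1..=budget {
        let input: Vec<u8> = (0..1 + rng.below(16)).map(|_| rng.next() as u8).collect();
        if put(&input, &mut |_: u32| {}) == Outcome::Crash {
            return Some((iter, input));
        }
    }
    None
}

fn main() {
    println!("greybox:  {:?}", greybox(1_000_000, 7));
    println!("blackbox: {:?}", blackbox(1_000_000, 7));
}
```

The only thing the greybox loop extracts from the run is the set of edge ids, which is the "extract ONLY the needed information" point: no symbolic state, no path constraints, just enough to notice that an input made progress and deserves to be mutated again.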

Why another greybox fuzzer?
Existing greybox fuzzers: American Fuzzy Lop (AFL), AFLFast, AFLGo, ..., Honggfuzz, libFuzzer.
We want a framework that is versatile, configurable and extensible: FOT.

Overall Design
Pipeline: source code or program binary -> Preprocessors -> instrumented program -> Fuzzer -> results -> Toolchain.

Preprocessors
Static Analyzer, Binary Rewriter, Compiler.
Configurable: can extract different information.
Extensible: new static analyzers can be added as long as the generated data follows the specified format.

Fuzzer
Components: Overall Manager, Seed Scorer, Mutation Manager, Executor, Feedback Collector.
Configurable: can select from several built-in strategies.
Extensible: can implement your own component with the provided interface.

Toolchain
For a versatile framework: crash triaging, coverage analysis, ...

Implementation
Core fuzzing logic (library & tools): ~15000 lines of Rust.
Preprocessors: ~2600 lines of C/C++.
Toolchain: ~2400 lines of Python.

Extension: Hawkeye
Hawkeye is a directed greybox fuzzer implemented on top of FOT.
Directed fuzzing means reaching predefined target locations as fast as possible, e.g. for patch testing, crash reproduction, ...
Published in CCS'18.

Extension: Hawkeye
Prioritize the inputs that execute paths closer to the targets: the distance to the targets drives both scheduling and mutation.
More details here: https://dl.acm.org/citation.cfm?id=3243849

Extension: Hawkeye
Static Analyzer: extracts the predefined target locations and the distance information to the targets.
Compiler: embeds that information through instrumentation.

Extension: Hawkeye
Seed Scorer: gives the inputs "closer" to the targets higher scores.
Mutation Manager: mutates adaptively according to the distance.
Feedback Collector: collects the extra feedback produced by the instrumentation.
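How the component split lets a directed fuzzer plug in, as an added example in Rust that is not FOT's or Hawkeye's code: the Seed Scorer, Mutation Manager and Feedback Collector are traits, the core schedules only through them, and the directed variants consume a per-edge distance map that stands in for what the static analyzer computes and the compiler embeds. The trait names and signatures, the scoring formula, the mutation policy, the three edge traces and the distance map are all assumptions for illustration.

```rust
// Added example, not FOT's or Hawkeye's code: the pluggable fuzzer roles as
// traits, with coverage-only and directed (distance-aware) implementations.
use std::collections::{HashMap, HashSet};

/// Feedback for one execution: only the instrumentation data the core needs.
#[derive(Clone, Debug, PartialEq)]
pub struct Feedback {
    pub new_edges: u32,            // edges first observed with this input
    pub min_distance: Option<u32>, // closest target on the path (directed only)
}

pub struct Seed { pub data: Vec<u8>, pub fb: Feedback }

/// Assumed shape of the interfaces the slides name.
pub trait SeedScorer { fn score(&self, seed: &Seed) -> f64; }
pub trait MutationManager { fn num_mutations(&self, seed: &Seed) -> usize; }
pub trait FeedbackCollector { fn collect(&mut self, trace: &[u32]) -> Feedback; }

/// Default collector: edge coverage only.
#[derive(Default)]
pub struct CoverageCollector { seen: HashSet<u32> }
impl FeedbackCollector for CoverageCollector {
    fn collect(&mut self, trace: &[u32]) -> Feedback {
        let new_edges = trace.iter().filter(|&&e| self.seen.insert(e)).count() as u32;
        Feedback { new_edges, min_distance: None }
    }
}

/// Directed collector: same bookkeeping plus per-edge distances to the
/// targets, standing in for what the static analyzer computed and the
/// compiler embedded into the binary.
pub struct DirectedCollector { cov: CoverageCollector, distance: HashMap<u32, u32> }
impl DirectedCollector {
    pub fn new(distance: HashMap<u32, u32>) -> Self {
        Self { cov: CoverageCollector::default(), distance }
    }
}
impl FeedbackCollector for DirectedCollector {
    fn collect(&mut self, trace: &[u32]) -> Feedback {
        let mut fb = self.cov.collect(trace);
        fb.min_distance = trace.iter().filter_map(|e| self.distance.get(e).copied()).min();
        fb
    }
}

pub struct CoverageScorer;
impl SeedScorer for CoverageScorer {
    fn score(&self, s: &Seed) -> f64 { s.fb.new_edges as f64 }
}

/// Directed scorer (assumed formula): coverage gain plus a bonus that grows
/// as the executed path gets closer to a target.
pub struct DirectedScorer;
impl SeedScorer for DirectedScorer {
    fn score(&self, s: &Seed) -> f64 {
        s.fb.new_edges as f64 + s.fb.min_distance.map_or(0.0, |d| 100.0 / (1.0 + d as f64))
    }
}

/// Adaptive mutation (assumed policy): far from any target, large havoc
/// batches; close to one, a few small changes so the path is not destroyed.
pub struct AdaptiveMutation;
impl MutationManager for AdaptiveMutation {
    fn num_mutations(&self, s: &Seed) -> usize {
        s.fb.min_distance.map_or(16, |d| ((d / 10) as usize).clamp(1, 16))
    }
}

/// The core talks to the roles only through the traits, so the directed
/// components replace the defaults without touching the scheduling code.
pub struct Core<S: SeedScorer, M: MutationManager, F: FeedbackCollector> {
    scorer: S, mutation: M, collector: F, pub corpus: Vec<Seed>,
}
impl<S: SeedScorer, M: MutationManager, F: FeedbackCollector> Core<S, M, F> {
    pub fn new(scorer: S, mutation: M, collector: F) -> Self {
        Self { scorer, mutation, collector, corpus: Vec::new() }
    }
    /// Takes the Executor's edge trace; keeps the input if it found anything new.
    pub fn observe(&mut self, data: Vec<u8>, trace: &[u32]) -> bool {
        let fb = self.collector.collect(trace);
        let keep = fb.new_edges > 0;
        if keep { self.corpus.push(Seed { data, fb }); }
        keep
    }
    /// Next seed to mutate: the highest-scoring corpus index.
    pub fn pick(&self) -> Option<usize> {
        let score = |i: &usize| self.scorer.score(&self.corpus[*i]);
        (0..self.corpus.len()).max_by(|a, b| score(a).partial_cmp(&score(b)).unwrap())
    }
    pub fn mutations_for(&self, i: usize) -> usize { self.mutation.num_mutations(&self.corpus[i]) }
}

/// Constructed edge traces for three inputs (not from a real program) and an
/// assumed static distance map {edge id -> distance to the target}.
pub const TRACES: [&[u32]; 3] = [&[1, 2, 3, 4, 5], &[1, 2, 6], &[1, 7, 8]];
pub fn distance_map() -> HashMap<u32, u32> { HashMap::from([(3, 40), (5, 40), (6, 2), (8, 30)]) }

/// Coverage-only core: returns the corpus index it schedules next.
pub fn run_coverage() -> Option<usize> {
    let mut core = Core::new(CoverageScorer, AdaptiveMutation, CoverageCollector::default());
    for (i, t) in TRACES.iter().enumerate() { core.observe(vec![i as u8], t); }
    core.pick()
}

/// Directed core: returns the scheduled index and the mutation count per seed.
pub fn run_directed() -> (Option<usize>, Vec<usize>) {
    let mut core = Core::new(DirectedScorer, AdaptiveMutation, DirectedCollector::new(distance_map()));
    for (i, t) in TRACES.iter().enumerate() { core.observe(vec![i as u8], t); }
    let muts = (0..core.corpus.len()).map(|i| core.mutations_for(i)).collect();
    (core.pick(), muts)
}
```

With the same three traces the coverage-only core schedules the input that opened the most edges (index 0), while the directed core schedules the input whose path passed two steps from the target (index 1) and gives it the smallest mutation batch; nothing in the core itself knows which policy it is running.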

Other extension examples
Steelix:
AFLFast:
Connecting with other tools (radamsa, KLEE):

Evaluation
Feature comparison
Trophies (bugs found with FOT)

Conclusion
FOT is versatile, configurable and extensible; it supports most features of existing greybox fuzzers and finds bugs in real-world programs.
Contact: Hongxu: hchen017@e.ntu.edu.sg, Yuekang: yli044@e.ntu.edu.sg

Thank you !