Abstract
Fuzz testing is widely used as an automated way of discovering vulnerabilities in binary programs that process files. Because conventional fuzzers mutate input blindly and reach only a small share of code paths, they are typically inefficient. This paper presents a novel API in-memory fuzz testing technique that removes the blindness of existing techniques. The technique uses dynamic taint analysis to locate the routines and instructions in the target binary executable that parse and process the input data. In the testing phase, binary instrumentation builds a loop around each such routine, and the tainted memory values the routine consumes are mutated on every iteration. Experiments with the prototype tool show that the technique effectively detects defects such as stack overflows. Compared with traditional fuzzing tools, API in-memory fuzzing removes the bottleneck of interrupting execution paths and achieves a greater than 95 % improvement in execution speed.
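As an added illustration (not code from the paper or its WhirlingFuzzwork framework), the following Python simulation walks through the two phases the abstract describes on a constructed record parser: a read-tracing buffer stands in for dynamic taint analysis to find which input bytes the routine consumes, and an in-place loop then restores those bytes from a snapshot, mutates one of them and calls the routine again without restarting the process, catching the simulated stack overflow. TracedBuffer, parse_record, STACK_BUF and the seed record are all constructed for this example; the paper's framework works on real binaries through instrumentation, which is simulated here.

```python
import random

STACK_BUF = 16  # constructed: capacity of the fixed-size local buffer in the simulated routine

class TracedBuffer(bytearray):
    """Records every offset the routine reads: stands in for the taint phase that finds the input bytes the parsing code consumes."""
    def __init__(self, data):
        super().__init__(data)
        self.read_offsets = set()
    def __getitem__(self, key):
        if isinstance(key, slice):
            self.read_offsets.update(range(*key.indices(len(self))))
        else:
            self.read_offsets.add(key % len(self))
        return super().__getitem__(key)

def parse_record(buf):
    """Constructed target routine: 2-byte magic, 1-byte length, payload copied into a 16-byte local buffer with no bounds check."""
    if buf[0:2] != b"RC":
        return None                          # wrong magic: the routine exits early
    length = buf[2]
    payload = bytes(buf[3:3 + length])
    if len(payload) > STACK_BUF:             # models the copy overflowing the local buffer
        raise MemoryError("simulated stack overflow: %d bytes into %d" % (len(payload), STACK_BUF))
    return payload

def locate_tainted(routine, seed):
    """Taint phase: run the routine once on a valid seed and report the offsets it read."""
    traced = TracedBuffer(seed)
    routine(traced)
    return sorted(traced.read_offsets)

def in_memory_fuzz(routine, seed, tainted, iterations, rng_seed=1):
    """Loop phase: restore the input from a snapshot, mutate one tainted byte and call the routine again in place, with no process restart."""
    rng = random.Random(rng_seed)
    snapshot = bytes(seed)
    crashes = []
    for _ in range(iterations):
        buf = bytearray(snapshot)            # restore tainted memory from the snapshot
        off = rng.choice(tainted)
        buf[off] = rng.randrange(256)        # mutate only bytes the routine actually consumes
        try:
            routine(buf)
        except MemoryError as err:           # stands in for the fault detector
            crashes.append((off, bytes(buf), str(err)))
    return crashes

SEED = b"RC" + bytes([8]) + b"A" * 8 + b"\x00" * 16   # constructed 27-byte valid input
```

Running `in_memory_fuzz(parse_record, SEED, locate_tainted(parse_record, SEED), 500)` returns only crashes in which the length byte at offset 2 was mutated above 16, since that is the only tainted byte that drives the unchecked copy.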
Acknowledgments
The research did not involve human participants or animals. The sources of funding include National Natural Science Foundation of China (No. 61272493). There are no potential conflicts of interests.
Ethics declarations
Compliance with ethical standards
On behalf of, and having obtained permission from all the authors, I declare that: the material has not been published in whole or in part elsewhere; the paper is not currently being considered for publication elsewhere; all authors have been personally and actively involved in substantive work leading to the report, and will hold themselves jointly and individually responsible for its content.
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Communicated by V. Loia.
About this article
Cite this article
Cui, B., Wang, F., Hao, Y. et al. WhirlingFuzzwork: a taint-analysis-based API in-memory fuzzing framework. Soft Comput 21, 3401–3414 (2017). https://doi.org/10.1007/s00500-015-2017-6
DOI: https://doi.org/10.1007/s00500-015-2017-6