research-article

FuzzBuilder: automated building greybox fuzzing environment for C/C++ library

Authors:
Joonun Jang

Samsung Research, Seoul, Republic of Korea

Samsung Research, Seoul, Republic of Korea
View Profile

,
Huy Kang Kim

Korea University, Seoul, Republic of Korea

Korea University, Seoul, Republic of Korea
View Profile

ACSAC '19: Proceedings of the 35th Annual Computer Security Applications ConferenceDecember 2019Pages 627–637https://doi.org/10.1145/3359789.3359846

Published:09 December 2019Publication History

ACSAC '19: Proceedings of the 35th Annual Computer Security Applications Conference

Pages 627–637

ABSTRACT

Fuzzing is an effective method to find bugs in software. Many security communities are interested in fuzzing as an automated approach to verify software security because most of the bugs discovered by fuzzing are related to security vulnerabilities. However, not all software can be tested by fuzzing because fuzzing requires a running environment, especially an executable. Notably, in the case of libraries, most of the libraries do not have a relevant executable in practice. Thus, state-of-the-art fuzzers have a limitation to test an arbitrary library. To overcome this problem, we propose FuzzBuilder to provide an automated fuzzing environment for libraries. FuzzBuilder generates an executable that calls library API functions to enable library fuzzing. Moreover, any executable generated by FuzzBuilder is compatible with existing fuzzers such as AFL. We evaluate the overall performance of FuzzBuilder by testing open source libraries. Consequently, we discovered unknown bugs in libraries while achieving high code coverage. We believe that FuzzBuilder helps security researchers to save both setup cost and learning cost for library fuzzing.

References

1997. expat. https://github.com/libexpat/libexpatGoogle Scholar
2003. c-ares. https://github.com/c-ares/c-aresGoogle Scholar
2008. Google Test. https://github.com/google/googletestGoogle Scholar
2008. yara. https://github.com/VirusTotal/yaraGoogle Scholar
2009. cJSON. https://github.com/DaveGamble/cJSONGoogle Scholar
2012. JUnit Best Practices Guide. https://howtodoinjava.com/best-practices/unit-testing-best-practices-junit-reference-guide/Google Scholar
2013. mpc. https://github.com/orangeduck/mpcGoogle Scholar
2014. boringssl. https://github.com/google/boringsslGoogle Scholar
2016. lafintel. https://lafintel.wordpress.com/Google Scholar
2017. notes for asan. https://github.com/mirrorer/afl/blob/master/docs/notes_for_asan.txtGoogle Scholar
2019. clusterfuzz. https://github.com/google/clusterfuzzGoogle Scholar
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury. 2017. Directed greybox fuzzing. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2329--2344.Google ScholarDigital Library
Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury. 2017. Coverage-based greybox fuzzing as markov chain. IEEE Transactions on Software Engineering (2017).Google Scholar
Peng Chen and Hao Chen. 2018. Angora: Efficient fuzzing by principled search. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 711--725.Google ScholarCross Ref
Jaeseung Choi, Joonun Jang, Choongwoo Han, and Sang Kil Cha. 2019. Greybox Concolic Testing on Binary Code. In International Conference on Software Engineering (ICSE).Google Scholar
Nicolas Coppik, Oliver Schwahn, and Neeraj Suri. 2019. MemFuzz: Using Memory Accesses to Guide Fuzzing. In 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST). IEEE, 48--58.Google ScholarCross Ref
Shuitao Gan, Chao Zhang, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, and Zuoning Chen. 2018. CollAFL: Path sensitive fuzzing. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 679--696.Google ScholarCross Ref
HyungSeok Han and Sang Kil Cha. 2017. Imf: Inferred model-based fuzzer. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2345--2358.Google ScholarDigital Library
Vivek Jain, Sanjay Rawat, Cristiano Giuffrida, and Herbert Bos. 2018. TIFF: Using Input Type Inference To Improve Fuzzing. In Proceedings of the 34th Annual Computer Security Applications Conference. ACM, 505--517.Google ScholarDigital Library
George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. 2018. Evaluating fuzz testing. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2123--2138.Google ScholarDigital Library
Chris Lattner and Vikram Adve. 2004. LLVM: A compilation framework for lifelong program analysis & transformation. In Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization. IEEE Computer Society, 75.Google ScholarDigital Library
Yuekang Li, Bihuan Chen, Mahinthan Chandramohan, Shang-Wei Lin, Yang Liu, and Alwen Tiu. 2017. Steelix: program-state based binary fuzzing. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. ACM, 627--637.Google ScholarDigital Library
Hui Peng, Yan Shoshitaishvili, and Mathias Payer. 2018. T-Fuzz: fuzzing by program transformation. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 697--710.Google ScholarCross Ref
Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Application-aware Evolutionary Fuzzing.. In NDSS, Vol. 17. 1--14.Google Scholar
Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, and David Brumley. 2014. Optimizing seed selection for fuzzing. In 23rd {USENIX} Security Symposium ({USENIX} Security 14). 861--875.Google Scholar
Kosta Serebryany. 2016. Continuous fuzzing with libfuzzer and addresssanitizer. In 2016 IEEE Cybersecurity Development (SecDev). IEEE, 157--157.Google Scholar
Kostya Serebryany. 2017. OSS-Fuzz-Google's continuous fuzzing service for open source software. (2017).Google Scholar
Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In Presented as part of the 2012 {USENIX} Annual Technical Conference ({USENIX}{ATC} 12). 309--318.Google Scholar
Lingyun Situ, Linzhang Wang, Xuandong Li, Le Guan, Wenhui Zhang, and Peng Liu. 2019. Energy distribution matters in greybox fuzzing. In Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings. IEEE Press, 270--271.Google ScholarDigital Library
Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In NDSS, Vol. 16. 1--16.Google Scholar
Junjie Wang, Bihuan Chen, Lei Wei, and Yang Liu. 2017. Skyfire: Data-driven seed generation for fuzzing. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 579--594.Google ScholarCross Ref
Maverick Woo, Sang Kil Cha, Samantha Gottlieb, and David Brumley. 2013. Scheduling black-box mutational fuzzing. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 511--522.Google ScholarDigital Library
Wei You, Xuwei Liu, Shiqing Ma, David Perry, Xiangyu Zhang, and Bin Liang. 2019. SLF: Fuzzing without Valid Seed Inputs. In Proceedings of the 41st International Conference on Software Engineering, ICSE, Vol. 2019.Google ScholarDigital Library
Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. {QSYM}: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 745--761.Google Scholar
Michal Zalewski. 2014. American Fuzzy Lob. http://lcamtuf.coredump.cx/afl/Google Scholar
Michal Zalewski. 2015. american fuzzy lop technical whitepaper. http://lcamtuf.coredump.cx/afl/technical_details.txt (2015).Google Scholar

Index Terms

FuzzBuilder: automated building greybox fuzzing environment for C/C++ library
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

JFuzz: A Tool for Automated Java Unit Testing Based on Data Mutation and Metamorphic Testing Methods
TSA '15: Proceedings of the 2015 Second International Conference on Trustworthy Systems and Their Applications

Automated test framework plays a significant role in test driven software development methodologies. The XUnit family of testing tools has been widely used in the industry. However, they are weak in supporting test case generation and test result ...
Read More
The Effectiveness of T-Way Test Data Generation
SAFECOMP '08: Proceedings of the 27th international conference on Computer Safety, Reliability, and Security

This paper reports the results of a study comparing the effectiveness of automatically generated tests constructed using random and <em>t</em>-way combinatorial techniques on safety related industrial code using mutation adequacy criteria. A reference ...
Read More
Compressing Automatically Generated Unit Test Suites Through Test Parameterization
Fundamentals of Software Engineering
Abstract
Test maintenance has recently gained increasing attention from the software testing research community. When using automated unit test generation tools, the tests are typically created by random test generation or search-based algorithms. Although ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ACSAC '19: Proceedings of the 35th Annual Computer Security Applications Conference
December 2019
821 pages
ISBN:9781450376280
DOI:10.1145/3359789
Conference Chair:
David Balenson
SRI International
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 9 December 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
- Artifacts Evaluated & Reusable
Author Tags
greybox fuzzing
library fuzzing
software development
unit test
Qualifiers
- research-article
Conference

Acceptance Rates
ACSAC '19 Paper Acceptance Rate60of266submissions,23%Overall Acceptance Rate104of497submissions,21%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 2
  Total Citations
  View Citations
- 615
  Total Downloads
- Downloads (Last 12 months)96
- Downloads (Last 6 weeks)19
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

FuzzBuilder: automated building greybox fuzzing environment for C/C++ library

ACSAC '19: Proceedings of the 35th Annual Computer Security Applications Conference

ABSTRACT

References

Cited By

Index Terms

Recommendations

JFuzz: A Tool for Automated Java Unit Testing Based on Data Mutation and Metamorphic Testing Methods

The Effectiveness of T-Way Test Data Generation

Compressing Automatically Generated Unit Test Suites Through Test Parameterization