Fuzzing for Binary Software Based on Program Analysis
    Abstract:

    Existing binary fuzzing methods struggle to reach the deep program states where vulnerabilities tend to lie. To address this problem, this study proposes a multi-angle optimization method that integrates hardware-assisted program tracing, static analysis, and concolic execution. First, static analysis and hardware-assisted tracing are used to compute the complexity and execution probability of program paths. Seed selection and mutation energy allocation are then driven by these two measures. In parallel, concolic execution assists seed generation and records the key input bytes so that mutations can be targeted at them. Experimental results show that, in most cases, the method finds more program paths and more crashes than other fuzzing methods.
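    To make the scheduling idea in the abstract concrete, the following is an added toy scheduler, not code from the paper: it ranks seeds by a path-complexity metric (distinct conditional-branch blocks on the trace, standing in for the static-analysis result) and a Markov-chain style execution probability (product of per-edge frequencies across the corpus traces, standing in for the hardware-trace statistics), assigns mutation energy from both, and then mutates only the key bytes a concolic pass would have flagged. The metric definitions, the energy formula, `BRANCH_BLOCKS`, the `Seed` fields and the corpus traces are all constructed assumptions; the paper's actual formulas are not given on this page.

```python
"""Toy seed scheduler in the spirit of the abstract: rank seeds by path
complexity and execution probability, then spend mutation energy on
concolic-flagged key bytes. Metrics and formula are hypothetical."""
from dataclasses import dataclass
from fractions import Fraction
from collections import Counter
import random

# Constructed "static analysis" result: basic-block addresses that end in a
# conditional branch.
BRANCH_BLOCKS = {0x1010, 0x1030}
BASE_ENERGY = 10
MAX_ENERGY = 1000


@dataclass(frozen=True)
class Seed:
    name: str
    data: bytes
    path: tuple            # basic-block trace as a hardware tracer would report it (constructed)
    key_bytes: tuple = ()  # input offsets a concolic pass marked as constraint-relevant (constructed)


def path_complexity(path):
    """Hypothetical metric: number of distinct conditional-branch blocks on the path."""
    return len(set(path) & BRANCH_BLOCKS)


def edge_frequencies(corpus):
    """Fraction of corpus traces that contain each CFG edge (exact, as Fractions)."""
    counts = Counter()
    for seed in corpus:
        # set() so a loop that re-executes an edge counts once per trace
        for edge in set(zip(seed.path, seed.path[1:])):
            counts[edge] += 1
    return {e: Fraction(c, len(corpus)) for e, c in counts.items()}


def execution_probability(seed, freqs):
    """Markov-chain style estimate: product of per-edge frequencies along the path."""
    prob = Fraction(1)
    for edge in zip(seed.path, seed.path[1:]):
        prob *= freqs[edge]
    return prob


def energy(seed, freqs):
    """Mutation budget: grows with path complexity, shrinks with execution probability,
    so rarely reached, branch-heavy paths get the most attention."""
    raw = BASE_ENERGY * (1 + path_complexity(seed.path)) / execution_probability(seed, freqs)
    return min(MAX_ENERGY, int(raw))


def select_seed(corpus):
    """Pick the seed with the largest energy under the current corpus statistics."""
    freqs = edge_frequencies(corpus)
    return max(corpus, key=lambda s: energy(s, freqs))


def mutate(seed, rng=None):
    """Targeted variation: touch only the key bytes when concolic execution
    identified some, otherwise fall back to a single random byte."""
    rng = rng or random.Random(0)
    buf = bytearray(seed.data)
    targets = seed.key_bytes or (rng.randrange(len(buf)),)
    for off in targets:
        buf[off] ^= rng.randrange(1, 256)  # non-zero XOR guarantees the byte changes
    return bytes(buf)


# Constructed traces for a small program with two conditional branches; s3 is
# the only seed that takes the rare branch at 0x1030.
CORPUS = [
    Seed("s1", b"AAAA", (0x1000, 0x1010, 0x1020, 0x1050)),
    Seed("s2", b"ABAA", (0x1000, 0x1010, 0x1020, 0x1050)),
    Seed("s3", b"MAGC", (0x1000, 0x1010, 0x1030, 0x1040, 0x1050), key_bytes=(0, 1)),
]

if __name__ == "__main__":
    freqs = edge_frequencies(CORPUS)
    for s in CORPUS:
        print(s.name, path_complexity(s.path), execution_probability(s, freqs), energy(s, freqs))
    chosen = select_seed(CORPUS)
    print("selected:", chosen.name, mutate(chosen).hex())
```

    With this corpus the two common-path seeds each get energy 45 while the rare-path seed gets 810, so the scheduler spends its budget where the trace statistics say coverage is hardest to obtain; restricting mutation to the recorded key bytes is what keeps that budget from being wasted on offsets no branch condition depends on.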

Citation

Wang WT, Sun JJ, Wan YF, Wang WJ, Tian DH. Fuzzing for Binary Software Based on Program Analysis. Computer Systems & Applications (计算机系统应用), 2025, 34(1): 294–307

History
  • Received: May 19, 2024
  • Revised: June 12, 2024
  • Online: November 15, 2024