Titan : Efficient Multi-target Directed Greybox Fuzzing

Cited by: 1
Authors
Huang, Heqing [1 ]
Yao, Peisen [2 ]
Chiu, Hung-Chun [1 ]
Guo, Yiyuan [1 ]
Zhang, Charles [1 ]
Affiliations
[1] Hong Kong Univ Sci & Technol, Hong Kong, Peoples R China
[2] Zhejiang Univ, Hangzhou, Zhejiang, Peoples R China
Source
45TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP 2024 | 2024
Funding
National Natural Science Foundation of China;
Keywords
Directed fuzzing; Multi-target; Path correlation;
DOI
10.1109/SP54263.2024.00059
CLC classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Modern directed fuzzing often faces scalability issues when analyzing multiple targets in a program simultaneously. We observe that the root cause is that directed fuzzers are unaware of the correlations among the targets and can thereby degenerate into a target-undirected method. As a result, directed fuzzing suffers severe efficiency losses when reproducing multiple targets. This paper presents Titan, which enables fuzzers to distinguish correlations among various targets in the program and thus optimizes input generation to reproduce multiple targets effectively. Leveraging these correlations, Titan differentiates each seed's potential of reaching each target for scheduling and identifies bytes that can be changed simultaneously for mutation. We compare our approach to eight state-of-the-art (directed) fuzzers. The evaluation demonstrates that Titan outperforms existing approaches by efficiently detecting multiple targets, achieving a 21.4x speedup and requiring 95.0% fewer executions. In addition, Titan detects nine incomplete fixes, which cannot be detected by other directed fuzzers, in the latest versions of the benchmark programs, with two CVE IDs assigned.
Pages: 1849 / 1864
Page count: 16