Targeted Greybox Fuzzing with Static Lookahead Analysis

Cited by: 32
Authors
Wustholz, Valentin [1 ]
Christakis, Maria [2 ]
Affiliations
[1] ConsenSys Diligence MythX, Berlin, Germany
[2] MPI SWS, Saarbrucken, Germany
Source
2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2020) | 2020
Keywords
CHECKING; EXECUTION;
DOI
10.1145/3377811.3380388
CLC classification number
TP31 [Computer software];
Discipline classification code
081202; 0835;
Abstract
Automatic test generation typically aims to generate inputs that explore new paths in the program under test in order to find bugs. Existing work has, therefore, focused on guiding the exploration toward program parts that are more likely to contain bugs by using an offline static analysis. In this paper, we introduce a novel technique for targeted greybox fuzzing using an online static analysis that guides the fuzzer toward a set of target locations, for instance, located in recently modified parts of the program. This is achieved by first semantically analyzing each program path that is explored by an input in the fuzzer's test suite. The results of this analysis are then used to control the fuzzer's specialized power schedule, which determines how often to fuzz inputs from the test suite. We implemented our technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart contracts and evaluated its effectiveness on 27 real-world benchmarks. Using an online analysis is particularly suitable for the domain of smart contracts since it does not require any code instrumentation; adding instrumentation to contracts changes their semantics. Our experiments show that targeted fuzzing significantly outperforms standard greybox fuzzing for reaching 83% of the challenging target locations (up to 14x median speed-up).
Pages: 789 / 800
Page count: 12
Related papers
50 in total
  • [1] Regression Greybox Fuzzing
    Zhu, Xiaogang
    Boehme, Marcel
    CCS '21: PROCEEDINGS OF THE 2021 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2021, : 2169 - 2182
  • [2] Directed Greybox Fuzzing
    Bohme, Marcel
    Pham, Van-Thuan
    Nguyen, Manh-Dung
    Roychoudhury, Abhik
    CCS'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2017, : 2329 - 2344
  • [3] Stateful Greybox Fuzzing
    Ba, Jinsheng
    Bohme, Marcel
    Mirzamomen, Zahra
    Roychoudhury, Abhik
    PROCEEDINGS OF THE 31ST USENIX SECURITY SYMPOSIUM, 2022, : 3255 - 3272
  • [4] Smart Greybox Fuzzing
    Pham, Van-Thuan
    Bohme, Marcel
    Santosa, Andrew E.
    Caciulescu, Alexandru Razvan
    Roychoudhury, Abhik
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2021, 47 (09) : 1980 - 1997
  • [5] Principled Greybox Fuzzing
    Li, Yuekang
    FORMAL METHODS AND SOFTWARE ENGINEERING, ICFEM 2018, 2018, 11232 : 455 - 458
  • [6] Greybox Fuzzing of Distributed Systems
    Meng, Ruijie
    Pirlea, George
    Roychoudhury, Abhik
    Sergey, Ilya
    PROCEEDINGS OF THE 2023 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, CCS 2023, 2023, : 1615 - 1629
  • [7] An Efficient Greybox Fuzzing Scheme for Linux-based IoT Programs Through Binary Static Analysis
    Zheng, Yaowen
    Song, Zhanwei
    Sun, Yuyan
    Cheng, Kai
    Zhu, Hongsong
    Sun, Limin
    2019 IEEE 38TH INTERNATIONAL PERFORMANCE COMPUTING AND COMMUNICATIONS CONFERENCE (IPCCC), 2019
  • [8] Multiple Targets Directed Greybox Fuzzing
    Liang, Hongliang
    Yu, Xinglin
    Cheng, Xianglin
    Liu, Jie
    Li, Jin
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2024, 21 (01) : 325 - 339
  • [9] Energy Distribution Matters in Greybox Fuzzing
    Situ, Lingyun
    Wang, Linzhang
    Li, Xuandong
    Guan, Le
    Zhang, Wenhui
    Liu, Peng
    2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS (ICSE-COMPANION 2019), 2019, : 270 - 271
  • [10] Sequence Coverage Directed Greybox Fuzzing
    Liang, Hongliang
    Zhang, Yini
    Yu, Yue
    Xie, Zhuosi
    Jiang, Lin
    2019 IEEE/ACM 27TH INTERNATIONAL CONFERENCE ON PROGRAM COMPREHENSION (ICPC 2019), 2019, : 249 - 259