Unleashing Fuzzing Through Comprehensive, Efficient, and Faithful Exploitable-Bug Exposing

Bowen Wang, Kangjie Lu, Qiushi Wu, Aditya Pakki

Research output: Contribution to journal › Article › peer-review

Abstract

Fuzzing has become an essential means of finding software bugs. Bug finding through fuzzing requires two parts: exploring code paths to reach bugs, and exposing bugs when they are reached. Existing fuzzing research has primarily focused on improving code coverage but not on exposing bugs. Sanitizers such as AddressSanitizer (ASAN) and MemorySanitizer (MSAN) have been the dominating tools for exposing bugs. However, sanitizer-based bug exposing has the following limitations: (1) sanitizers are not compatible with each other, (2) sanitizers incur significant runtime overhead, (3) sanitizers may generate false positives, and (4) exposed bugs may not be exploitable. To address these limitations, we propose EXPOZZER, a fuzzing system that can expose bugs comprehensively, efficiently, and faithfully. The intuition of EXPOZZER is to detect bugs through divergences in a properly diversified dual-execution environment, which does not require maintaining or checking execution metadata. We design a practical and deterministic dual-execution engine, a co-design for dual-execution and fuzzers, bug-sensitive diversification, and comprehensive and efficient divergence detection to ensure the effectiveness of EXPOZZER. The results of evaluations show that EXPOZZER can reliably detect not only CVE-assigned vulnerabilities but also new vulnerabilities in well-tested real-world programs. EXPOZZER is 10 times faster than MemorySanitizer and is similar in speed to AddressSanitizer.
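
The abstract's core idea, that the same input run in two deliberately diversified environments diverges only when a bug is present, as a constructed Python illustration added here; it is not EXPOZZER's code, and the toy heap model, the checksum functions and the fill bytes are all assumptions.

```python
"""Toy dual-execution divergence detector (constructed illustration).

Instead of tracking shadow memory like MSAN, we run the program twice on a
heap whose fresh (never-written) cells are filled with a different byte in
each run. A correct program never observes those cells, so both runs agree;
a program that reads uninitialised memory produces a divergence.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


@dataclass
class Heap:
    """Flat heap; `fill` is the byte placed in freshly allocated cells."""
    fill: int
    cells: List[int] = field(default_factory=list)

    def alloc(self, n: int) -> int:
        base = len(self.cells)
        self.cells.extend([self.fill] * n)
        return base

    def load(self, addr: int) -> int:
        return self.cells[addr]

    def store(self, addr: int, val: int) -> None:
        self.cells[addr] = val


def checksum_buggy(heap: Heap, data: bytes) -> int:
    """Constructed bug: allocates len+1 cells but only writes len of them,
    then sums len+1 cells, so one uninitialised cell leaks into the result."""
    buf = heap.alloc(len(data) + 1)
    for i, b in enumerate(data):
        heap.store(buf + i, b)
    return sum(heap.load(buf + i) for i in range(len(data) + 1)) & 0xFF


def checksum_fixed(heap: Heap, data: bytes) -> int:
    """Correct variant: only initialised cells are ever read."""
    buf = heap.alloc(len(data))
    for i, b in enumerate(data):
        heap.store(buf + i, b)
    return sum(heap.load(buf + i) for i in range(len(data))) & 0xFF


def dual_execute(program: Callable[[Heap, bytes], int], data: bytes,
                 fills: Tuple[int, int] = (0x00, 0xA5)) -> Tuple[bool, List[int]]:
    """Run `program` once per fill byte; any disagreement is a divergence."""
    results = [program(Heap(fill=f), data) for f in fills]
    return len(set(results)) > 1, results
```

Only a bug whose effect reaches an observed value is exposed this way, which is why the diversification has to be chosen to be bug-sensitive rather than arbitrary.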

Original language: English (US)
Journal: IEEE Transactions on Dependable and Secure Computing
DOIs
State: Published - Jan 1 2021

Bibliographical note

Publisher Copyright:
IEEE

Keywords

  • Bug Detection
  • Computer bugs
  • Dual-Execution
  • Engines
  • Fuzzing
  • Instruments
  • Metadata
  • N-Version Programming
  • Sanitizers
  • Security
  • Synchronization
