Abstract
Bugs and vulnerabilities in binary executables threaten cyber security. Current discovery methods, such as fuzz testing, symbolic execution and manual analysis, each have advantages and disadvantages when exercising the deeper code regions of binary executables to find more bugs. In this paper, we designed and implemented a hybrid automatic bug finding tool, Ffuzz, on top of fuzz testing and selective symbolic execution. It targets testing of the full system software stack, including both user space and kernel space. Combining these two mainstream techniques enables us to achieve higher coverage and to avoid getting stuck, a problem that affects both fuzz testing and symbolic execution on their own. We also propose two key optimizations that improve the efficiency of full system testing. We evaluated the efficiency and effectiveness of our method on real-world binary software and on 844 memory-corruption-vulnerable programs from the Juliet test suite. The results show that Ffuzz can discover software bugs in the full system software stack effectively and efficiently.
Highlights
Although software quality continues to improve, program errors still expose cybersecurity to critical threats
We propose a new method to perform fuzz testing on a full system software stack based on fuzz testing and selective symbolic execution
We put forward a novel method to detect bugs in full software stacks, including the user application, device driver and OS kernel
Summary
Although software quality continues to improve, program errors still expose cybersecurity to critical threats. Fuzz testing and symbolic execution are the mainstream techniques used to find software bugs. After analyzing the advantages and disadvantages of fuzz testing and symbolic execution when testing a full system software stack, we observed that symbolic execution is powerful at finding "corner" bugs but spends a great deal of time on program analysis and constraint solving. We leverage fuzz testing and selective symbolic execution [5] and propose FFUZZ, a full system, high-coverage fuzzing tool. Our method performs fuzz testing on a full system software stack by combining fuzz testing with selective symbolic execution. We designed and implemented FFUZZ and evaluated it on real-world binary software to demonstrate its effectiveness and efficiency from several different viewpoints.
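To make the hybrid loop concrete, here is a constructed toy example (added here; it is not Ffuzz's code, which runs on a full-system emulator): coverage-guided mutation fuzzing of a target guarded by nested magic-byte checks, which, when coverage stalls, hands the deepest input to a stand-in for selective symbolic execution that records the blocking comparison and solves it. The target, its branch ids and the byte-equality solver are all assumptions made for illustration.

```python
import random

# Constructed toy target (not the paper's benchmark): four nested magic-byte
# checks guard the "crash" block. Comparisons go through Tracer so each run
# yields branch coverage (fuzzer feedback) and the first blocking constraint
# (what a selective symbolic-execution stage would be asked to solve).
class Tracer:
    def __init__(self, data):
        self.data, self.cov, self.blocked = data, set(), None

    def eq(self, off, val, branch_id):
        """data[off] == val; records coverage on success, the constraint on failure."""
        if off < len(self.data) and self.data[off] == val:
            self.cov.add(branch_id)
            return True
        if self.blocked is None:
            self.blocked = (off, val)
        return False

def target(data):
    t = Tracer(data)
    t.cov.add("entry")
    if (t.eq(0, 0x46, "b1") and t.eq(1, 0x55, "b2")
            and t.eq(2, 0x5A, "b3") and t.eq(3, 0x5A, "b4")):
        t.cov.add("crash")
    return t

def fuzz(rounds=3000, stall_limit=100, use_solver=True, rng_seed=1):
    """Coverage-guided mutation fuzzing; when coverage stalls, the deepest
    input goes to the stand-in solver, which satisfies the blocking check."""
    rng = random.Random(rng_seed)
    corpus, total, stalled, solves = [b"\x00" * 4], set(), 0, 0

    def execute(data):
        nonlocal stalled
        t = target(data)
        if t.cov - total:                 # new branch: keep input, reset stall counter
            total.update(t.cov); corpus.append(data); stalled = 0
        else:
            stalled += 1

    for _ in range(rounds):
        if "crash" in total:
            break
        if use_solver and stalled >= stall_limit:
            deepest = max(corpus, key=lambda d: len(target(d).cov))
            off, val = target(deepest).blocked
            execute(deepest[:off] + bytes([val]) + deepest[off + 1:])
            solves += 1
            continue
        parent = rng.choice(corpus)
        i = rng.randrange(len(parent))
        execute(parent[:i] + bytes([rng.randrange(256)]) + parent[i + 1:])
    return {"crash_found": "crash" in total, "coverage": len(total), "solver_calls": solves}
```

Run `fuzz(use_solver=False)` with the same budget to see how pure mutation stalls on the byte checks that the solver stage resolves in a single step each.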