Static program analysis as a fuzzing aid

B Shastry, M Leutner, T Fiebig, K Thimmaraju… - Research in Attacks …, 2017 - Springer
Research in Attacks, Intrusions, and Defenses: 20th International Symposium …, 2017, Springer
Abstract
Fuzz testing is an effective and scalable technique to perform software security assessments. Yet, contemporary fuzzers fall short of thoroughly testing applications with a high degree of control-flow diversity, such as firewalls and network packet analyzers. In this paper, we demonstrate how static program analysis can guide fuzzing by augmenting existing program models maintained by the fuzzer. Based on the insight that code patterns reflect the data format of inputs processed by a program, we automatically construct an input dictionary by statically analyzing program control and data flow. Our analysis is performed before fuzzing commences, and the input dictionary is supplied to an off-the-shelf fuzzer to influence input generation. Evaluations show that our technique not only increases test coverage by 10–15% over baseline fuzzers such as afl but also reduces the time required to expose vulnerabilities by up to an order of magnitude. As a case study, we have evaluated our approach on two classes of network applications: nDPI, a deep packet inspection library, and tcpdump, a network packet analyzer. Using our approach, we have uncovered 15 zero-day vulnerabilities in the evaluated software that were not found by stand-alone fuzzers. Our work not only provides a practical method to conduct security evaluations more effectively but also demonstrates that the synergy between program analysis and testing can be exploited for a better outcome.
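A worked illustration of the dictionary-construction idea, added here as an example and not code from the paper or its authors' tool: a Python script that harvests the two code patterns the abstract alludes to (string literals the parser compares input against, and integer constants used in equality and switch-case tests) from a constructed C parser, then writes them in the dictionary format afl-fuzz accepts through -x. It is a regex approximation; the sample source, the token names and the decision to emit both byte orders of each constant are assumptions, and unlike the control- and data-flow analysis the paper describes it cannot tell a comparison against input-derived data from a comparison against a return value (the `!= 0` after memcmp below yields a useless one-byte token).

```python
"""Build an AFL-style input dictionary from code patterns in C source.

Constructed example, not the paper's tool: a regex approximation of the idea
that string literals and comparison constants in a parser reveal the format
of the input it expects.
"""
import re

# Constructed sample parser, standing in for a real target such as a packet
# dissector. Assumption: format knowledge is visible as literals/constants.
SAMPLE_C = r'''
#include <string.h>
#include <stdint.h>
#define MAGIC "PKT1"
int parse(const uint8_t *p, size_t n) {
    if (n < 6) return -1;
    if (memcmp(p, MAGIC, 4) != 0) return -1;          /* 4-byte magic */
    uint16_t type = (uint16_t)((p[4] << 8) | p[5]);
    switch (type) {
    case 0x0800: return parse_ipv4(p + 6, n - 6);    /* EtherType-style tags */
    case 0x86DD: return parse_ipv6(p + 6, n - 6);
    default: break;
    }
    if (n >= 10 && strncmp((const char *)p + 6, "OPT\x01", 4) == 0)
        return parse_opts(p + 10, n - 10);
    if (p[6] == 0xFF) return -2;
    return 0;
}
'''

_STRING_RE = re.compile(r'"((?:[^"\\\n]|\\.)*)"')
_CMP_RE = re.compile(r'(?:==|!=|case)\s*(0[xX][0-9A-Fa-f]+|\d+)')
_ESC = {'n': b'\n', 'r': b'\r', 't': b'\t', 'a': b'\x07', 'b': b'\x08',
        'f': b'\x0c', 'v': b'\x0b', '\\': b'\\', '"': b'"', "'": b"'"}


def decode_c_string(lit: str) -> bytes:
    """Decode the body of a C string literal into raw bytes.

    Handles \\xNN (up to two hex digits, a simplification of C), octal \\NNN
    (which also covers \\0) and the common single-character escapes."""
    out = bytearray()
    i = 0
    while i < len(lit):
        c = lit[i]
        if c != '\\':
            out += c.encode('latin-1')
            i += 1
            continue
        nxt = lit[i + 1]
        if nxt == 'x':
            m = re.match(r'[0-9A-Fa-f]{1,2}', lit[i + 2:])
            out.append(int(m.group(0), 16))
            i += 2 + len(m.group(0))
        elif nxt in '01234567':
            m = re.match(r'[0-7]{1,3}', lit[i + 1:])
            out.append(int(m.group(0), 8) & 0xFF)
            i += 1 + len(m.group(0))
        else:
            out += _ESC.get(nxt, nxt.encode('latin-1'))
            i += 2
    return bytes(out)


def _parse_int(s: str) -> int:
    return int(s, 16) if s[:2].lower() == '0x' else int(s, 10)


def extract_tokens(src: str):
    """Return de-duplicated candidate byte tokens found in the source.

    Strings come first, then constants from ==, != and case tests. The byte
    order of a multi-byte constant is unknown from source alone, so both
    big- and little-endian encodings are emitted (an assumption; a data-flow
    analysis could resolve this from how the compared value is assembled)."""
    tokens = []
    for m in _STRING_RE.finditer(src):
        b = decode_c_string(m.group(1))
        if b:
            tokens.append(b)
    for m in _CMP_RE.finditer(src):
        v = _parse_int(m.group(1))
        width = max(1, (v.bit_length() + 7) // 8)
        if width > 8:
            continue
        for order in ('big', 'little'):
            tokens.append(v.to_bytes(width, order))
    seen, uniq = set(), []
    for t in tokens:
        if t not in seen and len(t) <= 128:   # AFL's default per-token cap
            seen.add(t)
            uniq.append(t)
    return uniq


def afl_escape(b: bytes) -> str:
    """Render bytes in AFL dictionary syntax: printable ASCII as-is,
    everything else (including '"' and '\\') as \\xNN."""
    return ''.join(chr(c) if 0x20 <= c < 0x7F and c not in (0x22, 0x5C)
                   else '\\x%02x' % c for c in b)


def build_dictionary(src: str, prefix: str = 'tok') -> str:
    """Emit an AFL dictionary, one name="value" line per token, for afl-fuzz -x."""
    lines = ['%s_%d="%s"' % (prefix, i, afl_escape(t))
             for i, t in enumerate(extract_tokens(src))]
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    print(build_dictionary(SAMPLE_C), end='')
```

Save the output as, say, parser.dict and pass it with `afl-fuzz -x parser.dict -i in -o out -- ./target @@`; AFL then splices these tokens into generated inputs, which is how a byte-level mutator learns that "PKT1" or the two-byte tag 0x86DD is worth trying at all. The real analysis in the paper runs before fuzzing on compiler-level program representations rather than source text, so it can follow which comparison operands actually derive from input.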