DAFuzz: data-aware fuzzing of in-memory data stores

Fuzzing has become an important method for finding vulnerabilities in software. For fuzzing programs expecting structural inputs, syntactic- and semantic-aware fuzzing approaches have been particularly proposed. However, they still cannot fuzz in-memory data stores sufficiently, since some code paths are only executed when the required data are available. In this article, we propose a data-aware fuzzing method, DAFuzz, which is designed by considering the data used during fuzzing. Specifically, to ensure different data-sensitive code paths are exercised, DAFuzz first loads different kinds of data into the stores before feeding fuzzing inputs. Then, when generating inputs, DAFuzz ensures the generated inputs are not only syntactically and semantically valid but also use the data correctly. We implement a prototype of DAFuzz based on Superion and use it to fuzz Redis and Memcached. Experiments show that DAFuzz covers 13~95% more edges than AFL, Superion, AFL++, and AFLNet, and discovers vulnerabilities over 2.7× faster. In total, we discovered four new vulnerabilities in Redis and Memcached. All the vulnerabilities were reported to developers and have been acknowledged and fixed.

Bibliographic Details
Main Authors: Zeng, Yingpei; Zhu, Fengming; Zhang, Siyi; Yang, Yu; Yi, Siyu; Pan, Yufan; Xie, Guojie; Wu, Ting
Format: Online Article Text
Language: English
Published: PeerJ Inc. 2023
Subjects: Data Science
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10557509/
https://www.ncbi.nlm.nih.gov/pubmed/37810359
http://dx.doi.org/10.7717/peerj-cs.1592
Journal: PeerJ Computer Science (Data Science section)
Publication date: 2023-09-19
License: © 2023 Zeng et al. This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Computer Science) and either DOI or URL of the article must be cited.