Cargando…
Ffuzz: Towards full system high coverage fuzz testing on binary executables
Bugs and vulnerabilities in binary executables threaten cyber security. Current discovery methods, like fuzz testing, symbolic execution and manual analysis, both have advantages and disadvantages when exercising the deeper code area in binary executables to find more bugs. In this paper, we designe...
| Autores principales: | , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2018
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5965842/ https://www.ncbi.nlm.nih.gov/pubmed/29791469 http://dx.doi.org/10.1371/journal.pone.0196733 |
| _version_ | 1783325383763951616 |
|---|---|
| author | Zhang, Bin Ye, Jiaxi Bi, Xing Feng, Chao Tang, Chaojing |
| author_facet | Zhang, Bin Ye, Jiaxi Bi, Xing Feng, Chao Tang, Chaojing |
| author_sort | Zhang, Bin |
| collection | PubMed |
| description | Bugs and vulnerabilities in binary executables threaten cyber security. Current discovery methods, like fuzz testing, symbolic execution and manual analysis, both have advantages and disadvantages when exercising the deeper code area in binary executables to find more bugs. In this paper, we designed and implemented a hybrid automatic bug finding tool—Ffuzz—on top of fuzz testing and selective symbolic execution. It targets full system software stack testing including both the user space and kernel space. Combining these two mainstream techniques enables us to achieve higher coverage and avoid getting stuck both in fuzz testing and symbolic execution. We also proposed two key optimizations to improve the efficiency of full system testing. We evaluated the efficiency and effectiveness of our method on real-world binary software and 844 memory corruption vulnerable programs in the Juliet test suite. The results show that Ffuzz can discover software bugs in the full system software stack effectively and efficiently. |
| format | Online Article Text |
| id | pubmed-5965842 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2018 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-59658422018-06-02 Ffuzz: Towards full system high coverage fuzz testing on binary executables Zhang, Bin Ye, Jiaxi Bi, Xing Feng, Chao Tang, Chaojing PLoS One Research Article Bugs and vulnerabilities in binary executables threaten cyber security. Current discovery methods, like fuzz testing, symbolic execution and manual analysis, both have advantages and disadvantages when exercising the deeper code area in binary executables to find more bugs. In this paper, we designed and implemented a hybrid automatic bug finding tool—Ffuzz—on top of fuzz testing and selective symbolic execution. It targets full system software stack testing including both the user space and kernel space. Combining these two mainstream techniques enables us to achieve higher coverage and avoid getting stuck both in fuzz testing and symbolic execution. We also proposed two key optimizations to improve the efficiency of full system testing. We evaluated the efficiency and effectiveness of our method on real-world binary software and 844 memory corruption vulnerable programs in the Juliet test suite. The results show that Ffuzz can discover software bugs in the full system software stack effectively and efficiently. Public Library of Science 2018-05-23 /pmc/articles/PMC5965842/ /pubmed/29791469 http://dx.doi.org/10.1371/journal.pone.0196733 Text en © 2018 Zhang et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
| spellingShingle | Research Article Zhang, Bin Ye, Jiaxi Bi, Xing Feng, Chao Tang, Chaojing Ffuzz: Towards full system high coverage fuzz testing on binary executables |
| title | Ffuzz: Towards full system high coverage fuzz testing on binary executables |
| title_full | Ffuzz: Towards full system high coverage fuzz testing on binary executables |
| title_fullStr | Ffuzz: Towards full system high coverage fuzz testing on binary executables |
| title_full_unstemmed | Ffuzz: Towards full system high coverage fuzz testing on binary executables |
| title_short | Ffuzz: Towards full system high coverage fuzz testing on binary executables |
| title_sort | ffuzz: towards full system high coverage fuzz testing on binary executables |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5965842/ https://www.ncbi.nlm.nih.gov/pubmed/29791469 http://dx.doi.org/10.1371/journal.pone.0196733 |
| work_keys_str_mv | AT zhangbin ffuzztowardsfullsystemhighcoveragefuzztestingonbinaryexecutables AT yejiaxi ffuzztowardsfullsystemhighcoveragefuzztestingonbinaryexecutables AT bixing ffuzztowardsfullsystemhighcoveragefuzztestingonbinaryexecutables AT fengchao ffuzztowardsfullsystemhighcoveragefuzztestingonbinaryexecutables AT tangchaojing ffuzztowardsfullsystemhighcoveragefuzztestingonbinaryexecutables |