Software Open Access

FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)

Padhye, Rohan; Lemieux, Caroline

Citation Style Language JSON Export

{
  "publisher": "Zenodo", 
  "DOI": "10.5281/zenodo.3364086", 
  "title": "FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)", 
  "issued": {
    "date-parts": [
      [
        2019, 
        8, 
        8
      ]
    ]
  }, 
  "abstract": "<p>This artifact accompanies the paper &quot;FuzzFactory: Domain-Specific Fuzzing with Waypoints&quot;, submitted to OOPSLA 2019.</p>\n\n<p><strong>Paper abstract</strong>:</p>\n\n<p>Coverage-guided fuzz testing has gained prominence as a highly effective method of finding security vulnerabilities such as buffer overflows in programs that parse binary data. Recently, researchers have introduced various specializations to the coverage-guided fuzzing algorithm for different domain-specific testing goals, such as finding performance bottlenecks, generating valid inputs, handling magic-byte comparisons, etc. Each such solution can require weeks of development effort and produces a distinct variant of a fuzzing tool. We observe that many of these domain-specific solutions follow a common solution pattern. In this paper, we present FuzzFactory, a framework for rapid prototyping of domain-specific fuzzing applications. FuzzFactory allows users to specify the collection of dynamic domain-specific feedback during test execution. FuzzFactory uses a domain-specific fuzzing algorithm that incorporates such custom feedback to selectively save intermediate inputs, called waypoints, to augment coverage-guided fuzzing. We use FuzzFactory to implement six domain-specific fuzzing applications: three re-implementations of prior work and three novel solutions, and evaluate their effectiveness on benchmarks from Google&#39;s fuzzer test suite. We also show how domain-specific feedback can be composed to produce composite applications, which perform better than the sum of their parts. For example, we combine domain-specific feedback about strict equality comparisons and dynamic memory allocations, to enable the automatic generation of ZIP bombs and PNG bombs. We also discover a previously unknown memory leak in libarchive.</p>", 
  "author": [
    {
      "family": "Padhye, Rohan"
    }, 
    {
      "family": "Lemieux, Caroline"
    }
  ], 
  "version": "1.0", 
  "type": "article", 
  "id": "3364086"
}
157
61
views
downloads
All versions This version
Views 157158
Downloads 6161
Data volume 24.4 GB24.4 GB
Unique views 140141
Unique downloads 3535
More info on how stats are collected.
Indexed in
Publication date:
August 8, 2019
DOI:
10.5281/zenodo.3364086

Zenodo DOI Badge

DOI 

10.5281/zenodo.3364086

Markdown 

[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.3364086.svg)](https://doi.org/10.5281/zenodo.3364086)

reStructedText 

.. image:: https://zenodo.org/badge/DOI/10.5281/zenodo.3364086.svg
   :target: https://doi.org/10.5281/zenodo.3364086

HTML 

<a href="https://doi.org/10.5281/zenodo.3364086"><img src="https://zenodo.org/badge/DOI/10.5281/zenodo.3364086.svg" alt="DOI"></a>

Image URL 

https://zenodo.org/badge/DOI/10.5281/zenodo.3364086.svg

Target URL 

https://doi.org/10.5281/zenodo.3364086

License (for files):
BSD 2-Clause "Simplified" License

Versions

Version 1.0 10.5281/zenodo.3364086 Aug 8, 2019
Cite all versions? You can cite all versions by using the DOI 10.5281/zenodo.3364085. This DOI represents all versions, and will always resolve to the latest one. Read more.

Share

Cite as

Export