Software Open Access

# FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)

### DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource>
<identifier identifierType="DOI">10.5281/zenodo.3364086</identifier>
<creators>
<creator>
<givenName>Rohan</givenName>
<affiliation>UC Berkeley</affiliation>
</creator>
<creator>
<creatorName>Lemieux, Caroline</creatorName>
<givenName>Caroline</givenName>
<familyName>Lemieux</familyName>
<affiliation>UC Berkeley</affiliation>
</creator>
</creators>
<titles>
<title>FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)</title>
</titles>
<publisher>Zenodo</publisher>
<publicationYear>2019</publicationYear>
<dates>
<date dateType="Issued">2019-08-08</date>
</dates>
<resourceType resourceTypeGeneral="Software"/>
<alternateIdentifiers>
<alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/3364086</alternateIdentifier>
</alternateIdentifiers>
<relatedIdentifiers>
<relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.5281/zenodo.3364085</relatedIdentifier>
</relatedIdentifiers>
<version>1.0</version>
<rightsList>
<rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
</rightsList>
<descriptions>
<description descriptionType="Abstract">&lt;p&gt;This artifact accompanies the paper &amp;quot;FuzzFactory: Domain-Specific Fuzzing with Waypoints&amp;quot;, submitted to OOPSLA 2019.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Paper abstract&lt;/strong&gt;:&lt;/p&gt;

&lt;p&gt;Coverage-guided fuzz testing has gained prominence as a highly effective method of finding security vulnerabilities such as buffer overflows in programs that parse binary data. Recently, researchers have introduced various specializations to the coverage-guided fuzzing algorithm for different domain-specific testing goals, such as finding performance bottlenecks, generating valid inputs, handling magic-byte comparisons, etc. Each such solution can require weeks of development effort and produces a distinct variant of a fuzzing tool. We observe that many of these domain-specific solutions follow a common solution pattern. In this paper, we present FuzzFactory, a framework for rapid prototyping of domain-specific fuzzing applications. FuzzFactory allows users to specify the collection of dynamic domain-specific feedback during test execution. FuzzFactory uses a domain-specific fuzzing algorithm that incorporates such custom feedback to selectively save intermediate inputs, called waypoints, to augment coverage-guided fuzzing. We use FuzzFactory to implement six domain-specific fuzzing applications: three re-implementations of prior work and three novel solutions, and evaluate their effectiveness on benchmarks from Google&amp;#39;s fuzzer test suite. We also show how domain-specific feedback can be composed to produce composite applications, which perform better than the sum of their parts. For example, we combine domain-specific feedback about strict equality comparisons and dynamic memory allocations, to enable the automatic generation of ZIP bombs and PNG bombs. We also discover a previously unknown memory leak in libarchive.&lt;/p&gt;</description>
</descriptions>
</resource>
