Software Open Access
Padhye, Rohan; Lemieux, Caroline
<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
  <identifier identifierType="DOI">10.5281/zenodo.3364086</identifier>
  <creators>
    <creator>
      <creatorName>Padhye, Rohan</creatorName>
      <givenName>Rohan</givenName>
      <familyName>Padhye</familyName>
      <affiliation>UC Berkeley</affiliation>
    </creator>
    <creator>
      <creatorName>Lemieux, Caroline</creatorName>
      <givenName>Caroline</givenName>
      <familyName>Lemieux</familyName>
      <affiliation>UC Berkeley</affiliation>
    </creator>
  </creators>
  <titles>
    <title>FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)</title>
  </titles>
  <publisher>Zenodo</publisher>
  <publicationYear>2019</publicationYear>
  <dates>
    <date dateType="Issued">2019-08-08</date>
  </dates>
  <resourceType resourceTypeGeneral="Software"/>
  <alternateIdentifiers>
    <alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/3364086</alternateIdentifier>
  </alternateIdentifiers>
  <relatedIdentifiers>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.5281/zenodo.3364085</relatedIdentifier>
  </relatedIdentifiers>
  <version>1.0</version>
  <rightsList>
    <rights rightsURI="https://opensource.org/licenses/BSD-2-Clause">BSD 2-Clause "Simplified" License</rights>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
  </rightsList>
  <descriptions>
    <description descriptionType="Abstract">
      <p>This artifact accompanies the paper &quot;FuzzFactory: Domain-Specific Fuzzing with Waypoints&quot;, submitted to OOPSLA 2019.</p>
      <p><strong>Paper abstract</strong>:</p>
      <p>Coverage-guided fuzz testing has gained prominence as a highly effective method of finding security vulnerabilities such as buffer overflows in programs that parse binary data. Recently, researchers have introduced various specializations to the coverage-guided fuzzing algorithm for different domain-specific testing goals, such as finding performance bottlenecks, generating valid inputs, handling magic-byte comparisons, etc. Each such solution can require weeks of development effort and produces a distinct variant of a fuzzing tool. We observe that many of these domain-specific solutions follow a common solution pattern. In this paper, we present FuzzFactory, a framework for rapid prototyping of domain-specific fuzzing applications. FuzzFactory allows users to specify the collection of dynamic domain-specific feedback during test execution. FuzzFactory uses a domain-specific fuzzing algorithm that incorporates such custom feedback to selectively save intermediate inputs, called waypoints, to augment coverage-guided fuzzing. We use FuzzFactory to implement six domain-specific fuzzing applications: three re-implementations of prior work and three novel solutions, and evaluate their effectiveness on benchmarks from Google&#39;s fuzzer test suite. We also show how domain-specific feedback can be composed to produce composite applications, which perform better than the sum of their parts. For example, we combine domain-specific feedback about strict equality comparisons and dynamic memory allocations, to enable the automatic generation of ZIP bombs and PNG bombs. We also discover a previously unknown memory leak in libarchive.</p>
    </description>
  </descriptions>
</resource>
| | All versions | This version |
|---|---|---|
| Views | 266 | 267 |
| Downloads | 101 | 101 |
| Data volume | 46.7 GB | 46.7 GB |
| Unique views | 245 | 246 |
| Unique downloads | 64 | 64 |