Software Open Access
FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)
Padhye, Rohan; Lemieux, Caroline
JSON-LD (schema.org) Export
{
"description": "<p>This artifact accompanies the paper "FuzzFactory: Domain-Specific Fuzzing with Waypoints", submitted to OOPSLA 2019.</p>\n\n<p><strong>Paper abstract</strong>:</p>\n\n<p>Coverage-guided fuzz testing has gained prominence as a highly effective method of finding security vulnerabilities such as buffer overflows in programs that parse binary data. Recently, researchers have introduced various specializations to the coverage-guided fuzzing algorithm for different domain-specific testing goals, such as finding performance bottlenecks, generating valid inputs, handling magic-byte comparisons, etc. Each such solution can require weeks of development effort and produces a distinct variant of a fuzzing tool. We observe that many of these domain-specific solutions follow a common solution pattern. In this paper, we present FuzzFactory, a framework for rapid prototyping of domain-specific fuzzing applications. FuzzFactory allows users to specify the collection of dynamic domain-specific feedback during test execution. FuzzFactory uses a domain-specific fuzzing algorithm that incorporates such custom feedback to selectively save intermediate inputs, called waypoints, to augment coverage-guided fuzzing. We use FuzzFactory to implement six domain-specific fuzzing applications: three re-implementations of prior work and three novel solutions, and evaluate their effectiveness on benchmarks from Google's fuzzer test suite. We also show how domain-specific feedback can be composed to produce composite applications, which perform better than the sum of their parts. For example, we combine domain-specific feedback about strict equality comparisons and dynamic memory allocations, to enable the automatic generation of ZIP bombs and PNG bombs. We also discover a previously unknown memory leak in libarchive.</p>",
"license": "https://opensource.org/licenses/BSD-2-Clause",
"creator": [
{
"affiliation": "UC Berkeley",
"@type": "Person",
"name": "Padhye, Rohan"
},
{
"affiliation": "UC Berkeley",
"@type": "Person",
"name": "Lemieux, Caroline"
}
],
"url": "https://zenodo.org/record/3364086",
"datePublished": "2019-08-08",
"version": "1.0",
"contributor": [
{
"affiliation": "UC Berkeley",
"@type": "Person",
"name": "Sen, Koushik"
},
{
"affiliation": "Samsung Research America",
"@type": "Person",
"name": "Simon, Laurent"
},
{
"affiliation": "Samsung Research America",
"@type": "Person",
"name": "Vijayakumar, Hayawardh"
}
],
"@context": "https://schema.org/",
"identifier": "https://doi.org/10.5281/zenodo.3364086",
"@id": "https://doi.org/10.5281/zenodo.3364086",
"@type": "SoftwareSourceCode",
"name": "FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)"
}
157
61
views
downloads
| All versions | This version | |
|---|---|---|
| Views | 157 | 158 |
| Downloads | 61 | 61 |
| Data volume | 24.4 GB | 24.4 GB |
| Unique views | 140 | 141 |
| Unique downloads | 35 | 35 |
Indexed in
- Publication date:
- August 8, 2019
- DOI:
-
- License (for files):
- BSD 2-Clause "Simplified" License