Software Open Access
FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)
Padhye, Rohan; Lemieux, Caroline
Dublin Core Export
<?xml version='1.0' encoding='utf-8'?> <oai_dc:dc xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:oai_dc="http://www.openarchives.org/OAI/2.0/oai_dc/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/ http://www.openarchives.org/OAI/2.0/oai_dc.xsd"> <dc:contributor>Sen, Koushik</dc:contributor> <dc:contributor>Simon, Laurent</dc:contributor> <dc:contributor>Vijayakumar, Hayawardh</dc:contributor> <dc:creator>Padhye, Rohan</dc:creator> <dc:creator>Lemieux, Caroline</dc:creator> <dc:date>2019-08-08</dc:date> <dc:description>This artifact accompanies the paper "FuzzFactory: Domain-Specific Fuzzing with Waypoints", submitted to OOPSLA 2019. Paper abstract: Coverage-guided fuzz testing has gained prominence as a highly effective method of finding security vulnerabilities such as buffer overflows in programs that parse binary data. Recently, researchers have introduced various specializations to the coverage-guided fuzzing algorithm for different domain-specific testing goals, such as finding performance bottlenecks, generating valid inputs, handling magic-byte comparisons, etc. Each such solution can require weeks of development effort and produces a distinct variant of a fuzzing tool. We observe that many of these domain-specific solutions follow a common solution pattern. In this paper, we present FuzzFactory, a framework for rapid prototyping of domain-specific fuzzing applications. FuzzFactory allows users to specify the collection of dynamic domain-specific feedback during test execution. FuzzFactory uses a domain-specific fuzzing algorithm that incorporates such custom feedback to selectively save intermediate inputs, called waypoints, to augment coverage-guided fuzzing. We use FuzzFactory to implement six domain-specific fuzzing applications: three re-implementations of prior work and three novel solutions, and evaluate their effectiveness on benchmarks from Google's fuzzer test suite. We also show how domain-specific feedback can be composed to produce composite applications, which perform better than the sum of their parts. For example, we combine domain-specific feedback about strict equality comparisons and dynamic memory allocations, to enable the automatic generation of ZIP bombs and PNG bombs. We also discover a previously unknown memory leak in libarchive.</dc:description> <dc:identifier>https://zenodo.org/record/3364086</dc:identifier> <dc:identifier>10.5281/zenodo.3364086</dc:identifier> <dc:identifier>oai:zenodo.org:3364086</dc:identifier> <dc:relation>doi:10.5281/zenodo.3364085</dc:relation> <dc:rights>info:eu-repo/semantics/openAccess</dc:rights> <dc:rights>https://opensource.org/licenses/BSD-2-Clause</dc:rights> <dc:title>FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)</dc:title> <dc:type>info:eu-repo/semantics/other</dc:type> <dc:type>software</dc:type> </oai_dc:dc>
266
101
views
downloads
| All versions | This version | |
|---|---|---|
| Views | 266 | 267 |
| Downloads | 101 | 101 |
| Data volume | 46.7 GB | 46.7 GB |
| Unique views | 245 | 246 |
| Unique downloads | 64 | 64 |
Indexed in
- Publication date:
- August 8, 2019
- DOI:
-
- License (for files):
- BSD 2-Clause "Simplified" License