FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)

Padhye, Rohan; Lemieux, Caroline

doi:10.5281/zenodo.3364086

August 8, 2019 Software Open Access

FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)

Padhye, Rohan; Lemieux, Caroline

MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nmm##2200000uu#4500</leader>
  <controlfield tag="005">20200125192116.0</controlfield>
  <controlfield tag="001">3364086</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">UC Berkeley</subfield>
    <subfield code="a">Lemieux, Caroline</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">UC Berkeley</subfield>
    <subfield code="4">oth</subfield>
    <subfield code="a">Sen, Koushik</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Samsung Research America</subfield>
    <subfield code="4">oth</subfield>
    <subfield code="a">Simon, Laurent</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Samsung Research America</subfield>
    <subfield code="4">oth</subfield>
    <subfield code="a">Vijayakumar, Hayawardh</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">1060295749</subfield>
    <subfield code="z">md5:1923fb6008ef16d632e37caacef0f1de</subfield>
    <subfield code="u">https://zenodo.org/record/3364086/files/fuzzfactory-artifact.tar.gz</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">2098</subfield>
    <subfield code="z">md5:d257542ba026d1176360bb6e6fb68094</subfield>
    <subfield code="u">https://zenodo.org/record/3364086/files/LICENSE.txt</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">15712</subfield>
    <subfield code="z">md5:210dda6d1fd2ee6e1872f8e90ae326f1</subfield>
    <subfield code="u">https://zenodo.org/record/3364086/files/README.txt</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2019-08-08</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">software</subfield>
    <subfield code="o">oai:zenodo.org:3364086</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">UC Berkeley</subfield>
    <subfield code="a">Padhye, Rohan</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://opensource.org/licenses/BSD-2-Clause</subfield>
    <subfield code="a">BSD 2-Clause "Simplified" License</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;This artifact accompanies the paper &amp;quot;FuzzFactory: Domain-Specific Fuzzing with Waypoints&amp;quot;, submitted to OOPSLA 2019.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Paper abstract&lt;/strong&gt;:&lt;/p&gt;

&lt;p&gt;Coverage-guided fuzz testing has gained prominence as a highly effective method of finding security vulnerabilities such as buffer overflows in programs that parse binary data. Recently, researchers have introduced various specializations to the coverage-guided fuzzing algorithm for different domain-specific testing goals, such as finding performance bottlenecks, generating valid inputs, handling magic-byte comparisons, etc. Each such solution can require weeks of development effort and produces a distinct variant of a fuzzing tool. We observe that many of these domain-specific solutions follow a common solution pattern. In this paper, we present FuzzFactory, a framework for rapid prototyping of domain-specific fuzzing applications. FuzzFactory allows users to specify the collection of dynamic domain-specific feedback during test execution. FuzzFactory uses a domain-specific fuzzing algorithm that incorporates such custom feedback to selectively save intermediate inputs, called waypoints, to augment coverage-guided fuzzing. We use FuzzFactory to implement six domain-specific fuzzing applications: three re-implementations of prior work and three novel solutions, and evaluate their effectiveness on benchmarks from Google&amp;#39;s fuzzer test suite. We also show how domain-specific feedback can be composed to produce composite applications, which perform better than the sum of their parts. For example, we combine domain-specific feedback about strict equality comparisons and dynamic memory allocations, to enable the automatic generation of ZIP bombs and PNG bombs. We also discover a previously unknown memory leak in libarchive.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.3364085</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.3364086</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">software</subfield>
  </datafield>
</record>

266

101

views

downloads

See more details...

	All versions	This version
Views	266	267
Downloads	101	101
Data volume	46.7 GB	46.7 GB
Unique views	245	246
Unique downloads	64	64

More info on how stats are collected.

Indexed in

Publication date:

August 8, 2019

DOI:

License (for files):

BSD 2-Clause "Simplified" License

Versions

Version 1.0 10.5281/zenodo.3364086

Aug 8, 2019

Cite all versions? You can cite all versions by using the DOI 10.5281/zenodo.3364085. This DOI represents all versions, and will always resolve to the latest one. Read more.

FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)

MARC21 XML Export

Versions

Share

Cite as

Export

About

Blog

Help

Developers

Contribute

FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)

MARC21 XML Export

Zenodo DOI Badge

DOI

10.5281/zenodo.3364086

Markdown

[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.3364086.svg)](https://doi.org/10.5281/zenodo.3364086)

reStructedText

.. image:: https://zenodo.org/badge/DOI/10.5281/zenodo.3364086.svg :target: https://doi.org/10.5281/zenodo.3364086

HTML

<a href="https://doi.org/10.5281/zenodo.3364086"><img src="https://zenodo.org/badge/DOI/10.5281/zenodo.3364086.svg" alt="DOI"></a>

Image URL

https://zenodo.org/badge/DOI/10.5281/zenodo.3364086.svg

Target URL

https://doi.org/10.5281/zenodo.3364086

Versions

Share

Cite as

Export