Software Open Access

FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)

Padhye, Rohan; Lemieux, Caroline


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nmm##2200000uu#4500</leader>
  <controlfield tag="005">20200125192116.0</controlfield>
  <controlfield tag="001">3364086</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">UC Berkeley</subfield>
    <subfield code="a">Lemieux, Caroline</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">UC Berkeley</subfield>
    <subfield code="4">oth</subfield>
    <subfield code="a">Sen, Koushik</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Samsung Research America</subfield>
    <subfield code="4">oth</subfield>
    <subfield code="a">Simon, Laurent</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Samsung Research America</subfield>
    <subfield code="4">oth</subfield>
    <subfield code="a">Vijayakumar, Hayawardh</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">1060295749</subfield>
    <subfield code="z">md5:1923fb6008ef16d632e37caacef0f1de</subfield>
    <subfield code="u">https://zenodo.org/record/3364086/files/fuzzfactory-artifact.tar.gz</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">2098</subfield>
    <subfield code="z">md5:d257542ba026d1176360bb6e6fb68094</subfield>
    <subfield code="u">https://zenodo.org/record/3364086/files/LICENSE.txt</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">15712</subfield>
    <subfield code="z">md5:210dda6d1fd2ee6e1872f8e90ae326f1</subfield>
    <subfield code="u">https://zenodo.org/record/3364086/files/README.txt</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2019-08-08</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">software</subfield>
    <subfield code="o">oai:zenodo.org:3364086</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">UC Berkeley</subfield>
    <subfield code="a">Padhye, Rohan</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">FuzzFactory: Domain-Specific Fuzzing with Waypoints (Replication Package)</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://opensource.org/licenses/BSD-2-Clause</subfield>
    <subfield code="a">BSD 2-Clause "Simplified" License</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;This artifact accompanies the paper &amp;quot;FuzzFactory: Domain-Specific Fuzzing with Waypoints&amp;quot;, submitted to OOPSLA 2019.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Paper abstract&lt;/strong&gt;:&lt;/p&gt;

&lt;p&gt;Coverage-guided fuzz testing has gained prominence as a highly effective method of finding security vulnerabilities such as buffer overflows in programs that parse binary data. Recently, researchers have introduced various specializations to the coverage-guided fuzzing algorithm for different domain-specific testing goals, such as finding performance bottlenecks, generating valid inputs, handling magic-byte comparisons, etc. Each such solution can require weeks of development effort and produces a distinct variant of a fuzzing tool. We observe that many of these domain-specific solutions follow a common solution pattern. In this paper, we present FuzzFactory, a framework for rapid prototyping of domain-specific fuzzing applications. FuzzFactory allows users to specify the collection of dynamic domain-specific feedback during test execution. FuzzFactory uses a domain-specific fuzzing algorithm that incorporates such custom feedback to selectively save intermediate inputs, called waypoints, to augment coverage-guided fuzzing. We use FuzzFactory to implement six domain-specific fuzzing applications: three re-implementations of prior work and three novel solutions, and evaluate their effectiveness on benchmarks from Google&amp;#39;s fuzzer test suite. We also show how domain-specific feedback can be composed to produce composite applications, which perform better than the sum of their parts. For example, we combine domain-specific feedback about strict equality comparisons and dynamic memory allocations, to enable the automatic generation of ZIP bombs and PNG bombs. We also discover a previously unknown memory leak in libarchive.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.3364085</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.3364086</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">software</subfield>
  </datafield>
</record>