Taint-based directed whitebox fuzzing
- 1 January 2009
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
We present a new automated white box fuzzing technique and a tool, BuzzFuzz, that implements this technique. Unlike standard fuzzing techniques, which randomly change parts of the input file with little or no information about the underlying syntactic structure of the file, BuzzFuzz uses dynamic taint tracing to automatically locate regions of original seed input files that influence values used at key program attack points (points where the program may contain an error). BuzzFuzz then automatically generates new fuzzed test input files by fuzzing these identified regions of the original seed input files. Because these new test files typically preserve the underlying syntactic structure of the original seed input files, they tend to make it past the initial input parsing components to exercise code deep within the semantic core of the computation. We have used BuzzFuzz to automatically find errors in two open-source applications: Swfdec (an Adobe Flash player) and MuPDF (a PDF viewer). Our results indicate that our new directed fuzzing technique can effectively expose errors located deep within large programs. Because the directed fuzzing technique uses taint to automatically discover and exploit information about the input file format, it is especially appropriate for testing programs that have complex, highly structured input file formats.
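As an added illustration (not code from the paper or from the BuzzFuzz tool), the following Python sketch applies the abstract's idea to a constructed toy file format: every byte read from the seed carries its offset as a taint label, the label follows the value through arithmetic to an attack point (an input-derived size used to index a fixed buffer), and only the offsets that reach that point are fuzzed, so the mutated files keep their magic header and get past the parser into the code that uses the size. The format, the function names and the 64-byte buffer are assumptions made for this example.

```python
import random
from dataclasses import dataclass

MAGIC = b"TBF1"  # constructed toy format: MAGIC, u8 count, u16be length, payload
SEED = MAGIC + bytes([1]) + (8).to_bytes(2, "big") + b"payload!"  # valid seed file

@dataclass(frozen=True)
class T:  # an integer plus the seed-file offsets that influenced it (its taint label)
    v: int
    src: frozenset
    def __add__(self, o): return T(self.v + o.v, self.src | o.src)
    def __mul__(self, o): return T(self.v * o.v, self.src | o.src)

def u8(data, off):  # every byte read from the file is tainted with its own offset
    return T(data[off], frozenset({off}))

def parse(data, attack_points):
    """Toy parser; its attack point is an input-derived size indexing a fixed buffer."""
    if data[:4] != MAGIC:
        raise ValueError("bad magic")  # the syntax check that blind fuzzing rarely passes
    length = u8(data, 5) * T(256, frozenset()) + u8(data, 6)  # taint flows through arithmetic
    total = u8(data, 4) * length  # count * length
    attack_points.append(("copy_size", total))  # log the value and its taint
    buf, payload = bytearray(64), data[7:] or b"\0"
    for i in range(total.v):  # IndexError here stands in for the memory-safety error
        buf[i] = payload[i % len(payload)]

def trace_taint(seed):  # one traced run of the seed: which offsets reach an attack point?
    points = []
    parse(seed, points)
    return set().union(*(t.src for _, t in points))

def run(data):  # classify one execution: rejected by the parser, reached the bug, or clean
    try:
        parse(data, [])
    except ValueError:
        return "rejected"
    except IndexError:
        return "crash"
    return "ok"

def directed_fuzz(seed, offsets, tries, rng_seed):
    """Mutate only the taint-identified offsets, so the file keeps its structure."""
    rng, crashes = random.Random(rng_seed), []
    for _ in range(tries):
        data = bytearray(seed)
        for off in offsets:
            data[off] = rng.randrange(256)
        if run(bytes(data)) == "crash":
            crashes.append(bytes(data))
    return crashes
```

Blind mutation of the same seed would overwrite the magic in most attempts and be rejected before the size is ever used; the directed variant concentrates every attempt on the three bytes that actually reach the attack point.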