PTfuzz: Guided Fuzzing With Processor Trace Feedback
Open Access
- 28 June 2018
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Access
- Vol. 6, 37302-37313
- https://doi.org/10.1109/access.2018.2851237
Abstract
Greybox fuzzing, as implemented by AFL, is very efficient at finding software vulnerabilities, which makes it the state-of-the-art fuzzing technique. Greybox fuzzing uses the branch information collected while the program runs as feedback to guide seed selection. Current greybox fuzzers generally collect branch information in one of two ways: compile-time instrumentation (AFL) or emulation (QAFL, AFL's QEMU mode). Compile-time instrumentation is efficient, but it requires source code and so does not support binary-only programs. Emulation supports binary programs, but its efficiency is very low. In this paper, we propose a greybox fuzzing approach named PTfuzz, which uses a hardware mechanism (Intel Processor Trace) to collect branch information. Our approach supports binary programs, like the emulation method, while achieving performance comparable to the compile-time instrumentation method. Our experiments show that PTfuzz can fuzz the original binary programs without any modification, and we obtain a 3X performance improvement compared to QAFL.

Funding Information
- National Key Research and Development Program of China (2016YFB0200401)
- Program for New Century Excellent Talents in University
- National High-level Personnel for Defense Technology Program (2017-JCJQ-ZQ-013)
- Hunan Province Science foundation (2017RS3045)
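The feedback half of the loop the abstract describes, as an added example that is not code from the PTfuzz paper or from AFL/QAFL. It assumes that the raw hardware trace has already been decoded into a sequence of (source, destination) branch pairs (that decoding step is out of scope here), folds those pairs into an AFL-style edge-coverage map with AFL's edge hash and hit-count buckets, and keeps a seed only when it reaches an edge, or a hit-count bucket for a known edge, that no earlier seed reached. All addresses and traces are constructed for illustration.

```python
"""
Coverage feedback from a decoded branch trace (added example; not code from
PTfuzz, AFL or QAFL).

Input: a list of (src, dst) branch pairs, standing in for what an Intel PT
trace yields once decoded against the target binary. All addresses and
traces below are constructed and do not correspond to any real binary.
"""
from typing import Dict, Iterable, List, Tuple

MAP_SIZE = 1 << 16  # AFL's default 64 KiB coverage map


def edge_id(prev_loc: int, cur_loc: int) -> int:
    """AFL's edge hash: cur ^ (prev >> 1), folded into the map.

    The shift makes A->B and B->A hash to different slots.
    """
    return (cur_loc ^ (prev_loc >> 1)) % MAP_SIZE


def bucket(count: int) -> int:
    """AFL's hit-count classes: collapse raw counts into power-of-two bands
    so a loop that runs 5 times vs 6 times is not treated as new coverage."""
    if count == 0:
        return 0
    if count <= 2:
        return count        # 1 -> 1, 2 -> 2
    if count == 3:
        return 4
    if count <= 7:
        return 8
    if count <= 15:
        return 16
    if count <= 31:
        return 32
    if count <= 127:
        return 64
    return 128


def coverage_from_trace(trace: Iterable[Tuple[int, int]]) -> Dict[int, int]:
    """Turn (src, dst) branch pairs into {edge_id: bucketed hit count}."""
    counts: Dict[int, int] = {}
    for src, dst in trace:
        e = edge_id(src, dst)
        counts[e] = counts.get(e, 0) + 1
    return {e: bucket(c) for e, c in counts.items()}


def has_new_bits(virgin: Dict[int, int], cov: Dict[int, int]) -> int:
    """Compare one run's map against everything seen so far.

    virgin maps edge_id -> OR of bucket values already observed.
    Returns 2 for a never-seen edge, 1 for a new hit-count bucket on a
    known edge, 0 for nothing new (same scale AFL uses).
    """
    ret = 0
    for e, b in cov.items():
        seen = virgin.get(e, 0)
        if seen == 0:
            return 2
        if seen & b == 0:
            ret = 1
    return ret


def merge(virgin: Dict[int, int], cov: Dict[int, int]) -> None:
    """Record a kept seed's coverage in the global map."""
    for e, b in cov.items():
        virgin[e] = virgin.get(e, 0) | b


def select_seeds(runs: List[Tuple[str, List[Tuple[int, int]]]]) -> List[Tuple[str, int]]:
    """Greybox seed selection: keep each seed whose trace adds coverage.

    Returns the kept seeds with the reason code from has_new_bits.
    """
    virgin: Dict[int, int] = {}
    kept: List[Tuple[str, int]] = []
    for name, trace in runs:
        cov = coverage_from_trace(trace)
        reason = has_new_bits(virgin, cov)
        if reason:
            kept.append((name, reason))
            merge(virgin, cov)
    return kept


# Constructed traces for a hypothetical binary: entry at 0x401000, a check
# at 0x401030, a loop body at 0x401040/0x401050, exit at 0x401100.
ENTRY, CHECK, BODY, LOOP, EXIT = 0x401000, 0x401020, 0x401040, 0x401050, 0x401100
SAMPLE_RUNS = [
    ("seed_a", [(ENTRY, CHECK), (0x401030, EXIT)]),                 # check fails
    ("seed_b", [(ENTRY, CHECK), (0x401030, EXIT)]),                 # same path
    ("seed_c", [(ENTRY, CHECK), (0x401030, BODY)]),                 # check passes
    ("seed_d", [(ENTRY, CHECK), (0x401030, BODY), (LOOP, BODY), (LOOP, EXIT)]),
    ("seed_e", [(ENTRY, CHECK), (0x401030, BODY)] + [(LOOP, BODY)] * 5 + [(LOOP, EXIT)]),
    ("seed_f", [(ENTRY, CHECK), (0x401030, BODY)] + [(LOOP, BODY)] * 5 + [(LOOP, EXIT)]),
]

if __name__ == "__main__":
    for name, reason in select_seeds(SAMPLE_RUNS):
        print(name, {2: "new edge", 1: "new hit-count bucket"}[reason])
```

seed_b and seed_f are discarded because they reproduce coverage already on file; seed_e survives only because its loop runs often enough to cross into a new hit-count bucket. Whether the (src, dst) pairs come from compile-time instrumentation, from QEMU, or from a hardware trace changes only the cost of producing them; the selection logic above is the same.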