UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling
Fuzzing is one of the most efficient technologies for vulnerability detection.
Since the fuzzing process is computing-intensive and the performance gain
available from algorithm optimization is limited, recent research seeks to
improve fuzzing performance by utilizing parallel computing. However, parallel
fuzzing has to overcome challenges such as task conflicts, scalability in a
distributed environment, synchronization overhead, and workload imbalance. In
this paper, we design and implement UniFuzz, a distributed fuzzing optimization
based on dynamic centralized task scheduling. UniFuzz evaluates and distributes
seeds in a centralized manner to avoid task conflicts. It uses a
"request-response" scheme to dynamically distribute fuzzing tasks, which avoids
workload imbalance. Besides, UniFuzz can adaptively switch the role of
computing cores between evaluating and fuzzing, which avoids the potential
bottleneck of seed evaluation. To improve synchronization efficiency, UniFuzz
shares different kinds of fuzzing information in different ways according to
their characteristics, and the average overhead of synchronization is only
about 0.4%. We evaluated UniFuzz with real-world programs, and the results show
that UniFuzz outperforms state-of-the-art tools such as AFL, PAFL and EnFuzz.
Most importantly, the experiment reveals a counter-intuitive result: parallel
fuzzing can achieve super-linear acceleration relative to single-core fuzzing.
We give a detailed explanation and prove it with additional experiments.
UniFuzz also discovered 16 real-world vulnerabilities.
Comment: 14 pages, 4 figures
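The abstract claims that handing seeds out on demand ("request-response") avoids the workload imbalance of splitting the corpus across cores up front. The following simulation is an added illustration of that claim and is not UniFuzz's code: it compares a static round-robin partition against a central scheduler that answers each idle core's request with the next queued seed. The per-seed costs, the core count and the function names are constructed for the example; real seed costs come from target speed, input size and the energy the scheduler assigns.

```python
"""Added example (not UniFuzz's code): why on-demand "request-response"
seed distribution avoids the workload imbalance of static partitioning.

Seeds differ in how long they take to fuzz. A static split fixes each
core's share before those costs are known; a central scheduler that
answers each core's request with the next seed adapts to them. The seed
costs below are constructed for the illustration, in arbitrary time units.
"""
import heapq
from collections import deque
from typing import Dict, List, Tuple

# Constructed workload: four expensive seeds interleaved with cheap ones.
SEED_COSTS: List[int] = [8, 1, 1, 8, 1, 1, 8, 1, 1, 8, 1, 1]


def static_partition(costs: List[int], cores: int) -> Tuple[int, List[int]]:
    """Round-robin partition decided up front (seed i goes to core i % cores).
    Returns (makespan, per-core busy time). With three cores every expensive
    seed lands on core 0, so the campaign is as slow as that one core."""
    busy = [0] * cores
    for i, cost in enumerate(costs):
        busy[i % cores] += cost
    return max(busy), busy


def request_response(costs: List[int], cores: int) -> Tuple[int, List[int]]:
    """Central scheduler: a core that finishes its seed sends a request and
    receives the next queued seed. Modelled as a discrete-event simulation
    keyed on each core's next idle time (min-heap of (time, core))."""
    queue = deque(costs)
    idle_at = [(0, core) for core in range(cores)]   # all cores request at t=0
    heapq.heapify(idle_at)
    busy = [0] * cores
    while queue:
        now, core = heapq.heappop(idle_at)           # request from earliest idle core
        cost = queue.popleft()                       # response: next queued seed
        busy[core] += cost
        heapq.heappush(idle_at, (now + cost, core))
    makespan = max(t for t, _ in idle_at)            # last core to go idle
    return makespan, busy


def compare(costs: List[int], cores: int) -> Dict[str, int]:
    """Makespan of both strategies; lower is better, total work is identical."""
    return {
        "static": static_partition(costs, cores)[0],
        "request_response": request_response(costs, cores)[0],
        "total_work": sum(costs),
    }


if __name__ == "__main__":
    print(compare(SEED_COSTS, cores=3))
```

With three cores the static split finishes at time 32 because one core holds all four expensive seeds, while the request-response scheduler finishes at 17 for the same 40 units of work; the remaining gap to the ideal 40/3 comes from an expensive seed being handed out late, which is the kind of case seed-energy ordering in the scheduler would address.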
SLOPT: Bandit Optimization Framework for Mutation-Based Fuzzing
Mutation-based fuzzing has become one of the most common vulnerability
discovery solutions over the last decade. Fuzzing can be optimized when
targeting specific programs, and some studies have therefore employed online
optimization methods to do this automatically, i.e., to tune fuzzers for any
given program in a program-agnostic manner. However, previous studies have
neither fully explored mutation schemes suitable for online optimization
methods, nor online optimization methods suitable for mutation schemes. In this
study, we propose an optimization framework called SLOPT that encompasses both
a bandit-friendly mutation scheme and mutation-scheme-friendly bandit
algorithms. The advantage of SLOPT is that it can generally be incorporated
into existing fuzzers, such as AFL and Honggfuzz. As a proof of concept, we
implemented SLOPT-AFL++ by integrating SLOPT into AFL++ and showed that the
program-agnostic optimization delivered by SLOPT enabled SLOPT-AFL++ to achieve
higher code coverage than AFL++ in all ten real-world FuzzBench programs.
Moreover, we ran SLOPT-AFL++ against several real-world programs from OSS-Fuzz
and successfully identified three previously unknown vulnerabilities, even
though these programs had been fuzzed by AFL++ for a considerable number of
CPU days on OSS-Fuzz.
Comment: To appear in Proceedings of the 2022 Annual Computer Security
Applications Conference (ACSAC '22)
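The abstract treats the choice of mutation scheme as a bandit problem without spelling out the loop. The block below is an added example, not SLOPT's code: it runs a UCB1 bandit whose arms are mutation operators and whose reward is whether the mutated input reached new coverage. The operator names, the UCB1 choice and the hidden per-operator success rates that stand in for the target are all assumptions made for the example; in a fuzzer the reward would be read from the coverage map after each execution.

```python
"""Added example (not SLOPT's code): choosing a mutation operator with UCB1.

Each mutation operator is a bandit arm. After each mutated input runs, the
fuzzer rewards the arm with 1 if the input reached new coverage, else 0.
The target's response below is a constructed stand-in (a hidden success
rate per operator) so the example runs offline.
"""
import math
import random
from typing import Dict, List

# Assumed operator set; a real scheme might also vary the number of
# mutations applied per step.
OPERATORS: List[str] = ["bitflip", "arith", "interesting", "dictionary", "havoc"]


class MutatorBandit:
    """UCB1 over mutation operators: exploit operators that have yielded new
    coverage, but keep sampling the others so the choice adapts as the
    corpus and the reachable code change."""

    def __init__(self, arms: List[str], c: float = math.sqrt(2)):
        self.arms = arms
        self.c = c                                   # exploration weight
        self.pulls: Dict[str, int] = {a: 0 for a in arms}
        self.reward: Dict[str, float] = {a: 0.0 for a in arms}
        self.total = 0

    def ucb(self, arm: str) -> float:
        """Mean reward plus an exploration bonus that shrinks with pulls."""
        mean = self.reward[arm] / self.pulls[arm]
        bonus = self.c * math.sqrt(math.log(self.total) / self.pulls[arm])
        return mean + bonus

    def select(self) -> str:
        # Every arm is tried once before UCB scores are meaningful.
        for arm in self.arms:
            if self.pulls[arm] == 0:
                return arm
        return max(self.arms, key=self.ucb)

    def update(self, arm: str, found_new_coverage: bool) -> None:
        self.pulls[arm] += 1
        self.reward[arm] += 1.0 if found_new_coverage else 0.0
        self.total += 1


# Constructed stand-in for the target: probability that one mutation by
# each operator reaches new coverage. Unknown to the bandit.
HIDDEN_RATE: Dict[str, float] = {
    "bitflip": 0.04, "arith": 0.10, "interesting": 0.35,
    "dictionary": 0.12, "havoc": 0.06,
}


def run_campaign(rounds: int = 2000, seed: int = 1) -> Dict[str, int]:
    """Simulate `rounds` mutation steps; returns how often each operator
    was chosen. The bandit should concentrate on the productive one."""
    rng = random.Random(seed)
    bandit = MutatorBandit(OPERATORS)
    for _ in range(rounds):
        op = bandit.select()
        bandit.update(op, rng.random() < HIDDEN_RATE[op])
    return dict(bandit.pulls)


if __name__ == "__main__":
    for op, n in sorted(run_campaign().items(), key=lambda kv: -kv[1]):
        print(f"{op:12s} {n}")
```

The exploration term keeps every operator in rotation, which matters in a fuzzer because the operator that pays off changes as the corpus grows (e.g. dictionary insertions stop finding new edges once the magic values are in the corpus); a scheme that greedily locked onto one operator would stall at that point.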
Understanding Programs by Exploiting (Fuzzing) Test Cases
Semantic understanding of programs has attracted great attention in the
community. Inspired by recent successes of large language models (LLMs) in
natural language understanding, tremendous progress has been made by treating
programming language as another sort of natural language and training LLMs on
corpora of program code. However, programs are essentially different from
texts, in that they are normally heavily structured and syntax-strict. In
particular, programs and their basic units (i.e., functions and subroutines)
are designed to exhibit a variety of behaviors and/or produce possible outputs
given different inputs. The relationship between inputs and possible
outputs/behaviors characterizes the functions/subroutines and profiles the
program as a whole. Therefore, we propose to incorporate this relationship into
learning, to achieve a deeper semantic understanding of programs. To obtain
inputs that are representative enough to trigger the execution of most of the
code, we resort to fuzz testing and propose fuzz tuning to boost the
performance of program understanding and code representation learning given a
pre-trained LLM. The effectiveness of the proposed method is verified on two
program understanding tasks, code clone detection and code classification, and
it outperforms the current state of the art by large margins. Code is available
at https://github.com/rabbitjy/FuzzTuning.
Comment: Findings of the Association for Computational Linguistics: ACL 202
Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems
With a growing number of embedded devices at its core that autonomously create, transform and send data, the Internet of Things (IoT) is a reality in sectors such as manufacturing, healthcare and transportation. With this expansion, the IoT is becoming more present in critical environments, where security is paramount. Infamous attacks such as Mirai have shown the insecurity of the devices that power the IoT, as well as the potential of such large-scale attacks. Therefore, it is important to secure the embedded systems that form the backbone of the IoT. However, the particular nature of these devices and their resource constraints mean that the most cost-effective way of securing them is to secure them before they are deployed, by minimizing the number of vulnerabilities they ship with. To this end, fuzzing has proved itself a valuable technique for automated vulnerability finding, in which specially crafted inputs are fed to programs in order to trigger vulnerabilities and crash the system. In this survey, we link the world of embedded IoT devices and fuzzing. To this end, we list the particularities of the embedded world as far as security is concerned, we perform a literature review of fuzzing techniques and proposals, studying their applicability to embedded IoT devices, and, finally, we present future research directions by pointing out the gaps identified in the review.