Compositional Fuzzing Aided by Targeted Symbolic Execution
March 07, 2019 Β· Declared Dead Β· π arXiv.org
"No code URL or promise found in abstract"
Evidence collected by the PWNC Scanner
Authors
Saahil Ognawala, Fabian Kilger, Alexander Pretschner
arXiv ID
1903.02981
Category
cs.SE: Software Engineering
Citations
8
Venue
arXiv.org
Last Checked
4 months ago
Abstract
Guided fuzzing has, in recent years, been able to uncover many new vulnerabilities in real-world software due to its fast input mutation strategies guided by path-coverage. However, most fuzzers are unable to achieve high coverage in deeper parts of programs. Moreover, fuzzers heavily rely on the diversity of the seed inputs, often manually provided, to be able to produce meaningful results. In this paper, we present Wildfire, a novel open-source compositional fuzzing framework. Wildfire finds vulnerabilities by fuzzing isolated functions in a C-program and, then, using targeted symbolic execution it determines the feasibility of exploitation for these vulnerabilities. Based on our evaluation of 23 open-source programs (nearly 1 million LOC), we show that Wildfire, as a result of the increased coverage, finds more true-positives than baseline symbolic execution and fuzzing tools, as well as state-of-the-art coverage-guided tools, in only 10% of the analysis time taken by them. Additionally, Wildfire finds many other potential vulnerabilities whose feasibility can be determined compositionally to confirm if they are false-positives. Wildfire could also reproduce all of the known vulnerabilities and found several previously-unknown vulnerabilities in three open-source libraries.
Community Contributions
Found the code? Know the venue? Think something is wrong? Let us know!
π Similar Papers
In the same crypt β Software Engineering
R.I.P.
π»
Ghosted
R.I.P.
π»
Ghosted
Microservices: yesterday, today, and tomorrow
π
π
The Cartographer
A Survey of Machine Learning for Big Code and Naturalness
R.I.P.
π»
Ghosted
An Overview on Smart Contracts: Challenges, Advances and Platforms
R.I.P.
π»
Ghosted
Slither: A Static Analysis Framework For Smart Contracts
R.I.P.
π»
Ghosted
ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection
Died the same way β π» Ghosted
R.I.P.
π»
Ghosted
Federated Learning: Strategies for Improving Communication Efficiency
R.I.P.
π»
Ghosted
In-Datacenter Performance Analysis of a Tensor Processing Unit
R.I.P.
π»
Ghosted
Deep Convolutional Neural Networks for Computer-Aided Detection: CNN Architectures, Dataset Characteristics and Transfer Learning
R.I.P.
π»
Ghosted