SAND: Decoupling Sanitization from Fuzzing for Low Overhead
Sanitizers provide robust test oracles for various software vulnerabilities. Fuzzing on sanitizer-enabled programs has been the best practice to find software bugs. Since sanitizers need to heavily instrument a target program to insert run-time checks, sanitizer-enabled programs have much higher ove...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Kong, Ziqiao Li, Shaohua Huang, Heqing Su, Zhendong |
| description | Sanitizers provide robust test oracles for various software vulnerabilities.
Fuzzing on sanitizer-enabled programs has been the best practice to find
software bugs. Since sanitizers need to heavily instrument a target program to
insert run-time checks, sanitizer-enabled programs have much higher overhead
compared to normally built programs. In this paper, we present SAND, a new
fuzzing framework that decouples sanitization from the fuzzing loop. SAND
performs fuzzing on a normally built program and only invokes sanitizer-enabled
programs when input is shown to be interesting. Since most of the generated
inputs are not interesting, i.e., not bug-triggering, SAND allows most of the
fuzzing time to be spent on the normally built program. To identify interesting
inputs, we introduce execution pattern for a practical execution analysis on
the normally built program. We realize SAND on top of AFL++ and evaluate it on
12 real-world programs. Our extensive evaluation highlights its effectiveness:
on a period of 24 hours, compared to fuzzing on ASan/UBSan-enabled and
MSan-enabled programs, SAND respectively achieves 2.6x and 15x throughput and
detects 51% and 242% more bugs. |
| doi_str_mv | 10.48550/arxiv.2402.16497 |
| format | Article |
| fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2402_16497</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2402_16497</sourcerecordid><originalsourceid>FETCH-LOGICAL-a677-1cc82e648169190f41dc6a89d9adef587488485c88e4c7eedd8375801194b5be3</originalsourceid><addsrcrecordid>eNotj8tOAjEYRrthYcAHcGVfYMZ2ppe_uCJc1GQiC9hPSvtXmsCUVC46T6-gq29xki_nEPLAWSlASvZk81c8l5VgVcmVMPqOPK8m77MxnaFLp8Mudh90Zbt4jL09xtTRkNOeLk59fyUhZdqkC12eMW_R-hEZBLv7xPv_HZL1Yr6evhbN8uVtOmkKq7QuuHNQoRLAleGGBcG9UxaMN9ZjkKAFwK-dA0DhNKL3UGsJjHMjNnKD9ZA8_t3e7NtDjnubv9trRXurqH8ACdJBLg</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>SAND: Decoupling Sanitization from Fuzzing for Low Overhead</title><source>arXiv.org</source><creator>Kong, Ziqiao ; Li, Shaohua ; Huang, Heqing ; Su, Zhendong</creator><creatorcontrib>Kong, Ziqiao ; Li, Shaohua ; Huang, Heqing ; Su, Zhendong</creatorcontrib><description>Sanitizers provide robust test oracles for various software vulnerabilities.
Fuzzing on sanitizer-enabled programs has been the best practice to find
software bugs. Since sanitizers need to heavily instrument a target program to
insert run-time checks, sanitizer-enabled programs have much higher overhead
compared to normally built programs. In this paper, we present SAND, a new
fuzzing framework that decouples sanitization from the fuzzing loop. SAND
performs fuzzing on a normally built program and only invokes sanitizer-enabled
programs when input is shown to be interesting. Since most of the generated
inputs are not interesting, i.e., not bug-triggering, SAND allows most of the
fuzzing time to be spent on the normally built program. To identify interesting
inputs, we introduce execution pattern for a practical execution analysis on
the normally built program. We realize SAND on top of AFL++ and evaluate it on
12 real-world programs. Our extensive evaluation highlights its effectiveness:
on a period of 24 hours, compared to fuzzing on ASan/UBSan-enabled and
MSan-enabled programs, SAND respectively achieves 2.6x and 15x throughput and
detects 51% and 242% more bugs.</description><identifier>DOI: 10.48550/arxiv.2402.16497</identifier><language>eng</language><subject>Computer Science - Cryptography and Security ; Computer Science - Software Engineering</subject><creationdate>2024-02</creationdate><rights>http://creativecommons.org/licenses/by-nc-nd/4.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,778,883</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2402.16497$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2402.16497$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Kong, Ziqiao</creatorcontrib><creatorcontrib>Li, Shaohua</creatorcontrib><creatorcontrib>Huang, Heqing</creatorcontrib><creatorcontrib>Su, Zhendong</creatorcontrib><title>SAND: Decoupling Sanitization from Fuzzing for Low Overhead</title><description>Sanitizers provide robust test oracles for various software vulnerabilities.
Fuzzing on sanitizer-enabled programs has been the best practice to find
software bugs. Since sanitizers need to heavily instrument a target program to
insert run-time checks, sanitizer-enabled programs have much higher overhead
compared to normally built programs. In this paper, we present SAND, a new
fuzzing framework that decouples sanitization from the fuzzing loop. SAND
performs fuzzing on a normally built program and only invokes sanitizer-enabled
programs when input is shown to be interesting. Since most of the generated
inputs are not interesting, i.e., not bug-triggering, SAND allows most of the
fuzzing time to be spent on the normally built program. To identify interesting
inputs, we introduce execution pattern for a practical execution analysis on
the normally built program. We realize SAND on top of AFL++ and evaluate it on
12 real-world programs. Our extensive evaluation highlights its effectiveness:
on a period of 24 hours, compared to fuzzing on ASan/UBSan-enabled and
MSan-enabled programs, SAND respectively achieves 2.6x and 15x throughput and
detects 51% and 242% more bugs.</description><subject>Computer Science - Cryptography and Security</subject><subject>Computer Science - Software Engineering</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotj8tOAjEYRrthYcAHcGVfYMZ2ppe_uCJc1GQiC9hPSvtXmsCUVC46T6-gq29xki_nEPLAWSlASvZk81c8l5VgVcmVMPqOPK8m77MxnaFLp8Mudh90Zbt4jL09xtTRkNOeLk59fyUhZdqkC12eMW_R-hEZBLv7xPv_HZL1Yr6evhbN8uVtOmkKq7QuuHNQoRLAleGGBcG9UxaMN9ZjkKAFwK-dA0DhNKL3UGsJjHMjNnKD9ZA8_t3e7NtDjnubv9trRXurqH8ACdJBLg</recordid><startdate>20240226</startdate><enddate>20240226</enddate><creator>Kong, Ziqiao</creator><creator>Li, Shaohua</creator><creator>Huang, Heqing</creator><creator>Su, Zhendong</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20240226</creationdate><title>SAND: Decoupling Sanitization from Fuzzing for Low Overhead</title><author>Kong, Ziqiao ; Li, Shaohua ; Huang, Heqing ; Su, Zhendong</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a677-1cc82e648169190f41dc6a89d9adef587488485c88e4c7eedd8375801194b5be3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Computer Science - Cryptography and Security</topic><topic>Computer Science - Software Engineering</topic><toplevel>online_resources</toplevel><creatorcontrib>Kong, Ziqiao</creatorcontrib><creatorcontrib>Li, Shaohua</creatorcontrib><creatorcontrib>Huang, Heqing</creatorcontrib><creatorcontrib>Su, Zhendong</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Kong, Ziqiao</au><au>Li, Shaohua</au><au>Huang, Heqing</au><au>Su, Zhendong</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>SAND: Decoupling Sanitization from Fuzzing for Low Overhead</atitle><date>2024-02-26</date><risdate>2024</risdate><abstract>Sanitizers provide robust test oracles for various software vulnerabilities.
Fuzzing on sanitizer-enabled programs has been the best practice to find
software bugs. Since sanitizers need to heavily instrument a target program to
insert run-time checks, sanitizer-enabled programs have much higher overhead
compared to normally built programs. In this paper, we present SAND, a new
fuzzing framework that decouples sanitization from the fuzzing loop. SAND
performs fuzzing on a normally built program and only invokes sanitizer-enabled
programs when input is shown to be interesting. Since most of the generated
inputs are not interesting, i.e., not bug-triggering, SAND allows most of the
fuzzing time to be spent on the normally built program. To identify interesting
inputs, we introduce execution pattern for a practical execution analysis on
the normally built program. We realize SAND on top of AFL++ and evaluate it on
12 real-world programs. Our extensive evaluation highlights its effectiveness:
on a period of 24 hours, compared to fuzzing on ASan/UBSan-enabled and
MSan-enabled programs, SAND respectively achieves 2.6x and 15x throughput and
detects 51% and 242% more bugs.</abstract><doi>10.48550/arxiv.2402.16497</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | DOI: 10.48550/arxiv.2402.16497 |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_arxiv_primary_2402_16497 |
| source | arXiv.org |
| subjects | Computer Science - Cryptography and Security Computer Science - Software Engineering |
| title | SAND: Decoupling Sanitization from Fuzzing for Low Overhead |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T09%3A09%3A44IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=SAND:%20Decoupling%20Sanitization%20from%20Fuzzing%20for%20Low%20Overhead&rft.au=Kong,%20Ziqiao&rft.date=2024-02-26&rft_id=info:doi/10.48550/arxiv.2402.16497&rft_dat=%3Carxiv_GOX%3E2402_16497%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |