SHFuzz: A hybrid fuzzing method assisted by static analysis for binary programs

Fuzzing is an effective technique to find security bugs in programs by quickly exploring the input space of programs. To further discover vulnerabilities hidden in deep execution paths, the hybrid fuzzing combines fuzzing and concolic execution for going through complex branch conditions. In general...

Full description

Saved in:
Bibliographic details
Published in: China communications 2021-08, Vol.18 (8), p.1-16
Main authors: Wang, Wenjie, Tian, Donghai, Ma, Rui, Wei, Hang, Ying, Qianjin, Jia, Xiaoqi, Zuo, Lei
Format: Article
Language: eng
Subjects:
Online access: Order full text
container_end_page 16
container_issue 8
container_start_page 1
container_title China communications
container_volume 18
creator Wang, Wenjie
Tian, Donghai
Ma, Rui
Wei, Hang
Ying, Qianjin
Jia, Xiaoqi
Zuo, Lei
description Fuzzing is an effective technique for finding security bugs in programs by quickly exploring their input space. To further discover vulnerabilities hidden in deep execution paths, hybrid fuzzing combines fuzzing with concolic execution to get through complex branch conditions. In general, we observe that an execution path which passes through more, and more complex, basic blocks may have a higher chance of containing a security bug. Based on this observation, we propose a hybrid fuzzing method assisted by static analysis for binary programs. The basic idea of our method is to prioritize seed inputs according to the complexity of their associated execution paths. For this purpose, we utilize static analysis to evaluate the complexity of each basic block and employ the hardware trace mechanism to dynamically extract the execution path for calculating the seed inputs' weights. The key advantage of our method is that our system can test binary programs efficiently by using the hardware trace and hybrid fuzzing. To evaluate the effectiveness of our method, we design and implement a prototype system, namely SHFuzz. The evaluation results show that SHFuzz discovers more unique crashes on several real-world applications and the LAVA-M dataset than the previous solutions.
doi_str_mv 10.23919/JCC.2021.08.001
format Article
fulltext fulltext_linktorsrc
identifier ISSN: 1673-5447
ispartof China communications, 2021-08, Vol.18 (8), p.1-16
issn 1673-5447
language eng
recordid cdi_ieee_primary_9521142
source IEEE Electronic Library (IEL)
subjects binary programs
Complexity theory
Computer bugs
concolic execution
Fuzzing
hybrid fuzzing
Indexes
Security
Software
Static analysis
title SHFuzz: A hybrid fuzzing method assisted by static analysis for binary programs
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-09T09%3A36%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-wanfang_jour_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=SHFuzz:%20A%20hybrid%20fuzzing%20method%20assisted%20by%20static%20analysis%20for%20binary%20programs&rft.jtitle=China%20communications&rft.au=Wang,%20Wenjie&rft.date=2021-08-01&rft.volume=18&rft.issue=8&rft.spage=1&rft.epage=16&rft.pages=1-16&rft.issn=1673-5447&rft.coden=CCHOBE&rft_id=info:doi/10.23919/JCC.2021.08.001&rft_dat=%3Cwanfang_jour_RIE%3Ezgtx202108002%3C/wanfang_jour_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=9521142&rft_wanfj_id=zgtx202108002&rfr_iscdi=true