Abstract
Hybrid fuzzing, which combines fuzzing and concolic execution, is promising in light of the recent performance improvements in concolic engines. We have observed that there is room for further improvement: symbolic emulation is still slow, unnecessary constraints dominate solving time, resources are overly allocated, and hard-to-trigger bugs are missed. To address these problems, we present a new hybrid fuzzer named Intriguer. The key idea of Intriguer is field-level constraint solving, which optimizes symbolic execution with field-level knowledge. Intriguer performs instruction-level taint analysis and records execution traces without data transfer instructions like mov. Intriguer then reduces the execution traces for tainted instructions that accessed a wide range of input bytes, and infers input fields to build field transition trees. With these optimizations, Intriguer can efficiently perform symbolic emulation for more relevant instructions and invoke a solver for complicated constraints only. Our evaluation results indicate that Intriguer outperforms the state-of-the-art fuzzers: Intriguer found all the bugs in the LAVA-M(5h) benchmark dataset for ground truth performance, and also discovered 43 new security bugs in seven real-world programs. We reported the bugs and received 23 new CVEs.
| Original language | English |
|---|---|
| Title of host publication | CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |
| Publisher | Association for Computing Machinery |
| Pages | 515-530 |
| Number of pages | 16 |
| ISBN (Electronic) | 9781450367479 |
| DOIs | |
| Publication status | Published - 2019 Nov 6 |
| Event | 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019 - London, United Kingdom Duration: 2019 Nov 11 → 2019 Nov 15 |
Publication series
| Name | Proceedings of the ACM Conference on Computer and Communications Security |
|---|---|
| ISSN (Print) | 1543-7221 |
Conference
| Conference | 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019 |
|---|---|
| Country/Territory | United Kingdom |
| City | London |
| Period | 19/11/11 → 19/11/15 |
Bibliographical note
Funding Information:We thank the anonymous reviewers and our shepherd Andrew Ruef for helpful comments and suggestions on this work. This research was supported in part by the Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2018-0-00513, Machine Learning Based Automation of Vulnerability Detection on Unix-based Kernel).
Publisher Copyright:
© 2019 Association for Computing Machinery.
All Science Journal Classification (ASJC) codes
- Software
- Computer Networks and Communications