Title

Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation

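Authors
Corresponding author: Yuekang, Li
Publication date
2023
Conference name
32nd USENIX Security Symposium
Proceedings title
Conference date
AUG 09-11, 2023
Conference location
Anaheim, CA
Place of publication
SUITE 215, 2560 NINTH ST, BERKELEY, CA 94710 USA
Publisher
Abstract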
Fuzz drivers are essential for fuzzing library APIs. However, manually composing fuzz drivers is difficult and time-consuming. Therefore, several works have been proposed to generate fuzz drivers automatically. Although these works can learn correct API usage from the consumer programs of the target library, three challenges still hinder the quality of the generated fuzz drivers: 1) How to learn and utilize the control dependencies in API usage; 2) How to handle the noises of the learned API usage, especially for complex real-world consumer programs; 3) How to organize independent sets of API usage inside the fuzz driver to better coordinate with fuzzers.

To solve these challenges, we propose RUBICK, an automata-guided control-flow-sensitive fuzz driver generation technique. RUBICK has three key features: 1) it models the API usage (including API data and control dependencies) as a deterministic finite automaton; 2) it leverages active automata learning algorithm to distill the learned API usage; 3) it synthesizes a single automata-guided fuzz driver, which provides scheduling interface for the fuzzer to test independent sets of API usage during fuzzing. During the experiments, the fuzz drivers generated by RUBICK showed a significant performance advantage over the baselines by covering an average of 50.42% more edges than fuzz drivers generated by FUZZGEN and 44.58% more edges than manually written fuzz drivers from OSS-Fuzz or human experts. By learning from large-scale open source projects, RUBICK has generated fuzz drivers for 11 popular Java projects and two of them have been merged into OSS-Fuzz. So far, 199 bugs, including four CVEs, are found using these fuzz drivers, which can affect popular PC and Android software with dozens of millions of downloads.
Institutional attribution
Other
Language
English
Indexed by
Funding
National Research Foundation, Singapore under its the AI Singapore Programme[AISG2-RP-2020-019] ; National Research Foundation through its National Satellite of Excellence in Trustworthy Software Systems (NSOE-TSS) project under the National Cybersecurity RD (NCR)[NRF2018NCR-NSOE003-0001] ; Hong Kong RGC Project[PolyU15222320] ; HKPolyU Grant[ZVG0] ; National Natural Science Foundation of China[62125205]
WOS Research Area
Computer Science
WOS Category
Computer Science, Information Systems ; Computer Science, Interdisciplinary Applications ; Computer Science, Theory & Methods
WOS Accession Number
WOS:001066451503002
Source database
Web of Science
Document type: Conference paper
Item identifier: http://sustech.caswiz.com/handle/2SGJ60CL/673972
Collection: Southern University of Science and Technology
Author affiliations
1.Continental-NTU Corporate Lab, Nanyang Technological University, Singapore
2.Hong Kong Polytechnic University, Hong Kong
3.Xidian University, China
4.Singapore Management University, Singapore
5.Southern University of Science and Technology, China
6.Continental Ag, Germany
Recommended citation
GB/T 7714
Cen, Zhang,Yuekang, Li,Hao, Zhou,et al. Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation[C]. SUITE 215, 2560 NINTH ST, BERKELEY, CA 94710 USA:USENIX ASSOC,2023.