
Program Environment Fuzzing (2404.13951v3)

Published 22 Apr 2024 in cs.SE

Abstract: Computer programs are not executed in isolation, but rather interact with the execution environment which drives the program behaviors. Software validation methods thus need to capture the effect of possibly complex environmental interactions. Program environments may come from files, databases, configurations, network sockets, human-user interactions, and more. Conventional approaches for environment capture in symbolic execution and model checking employ environment modeling, which involves manual effort. In this paper, we take a different approach based on an extension of greybox fuzzing. Given a program, we first record all observed environmental interactions at the kernel/user-mode boundary in the form of system calls. Next, we replay the program under the original recorded interactions, but this time with selective mutations applied, in order to get the effect of different program environments -- all without environment modeling. Via repeated (feedback-driven) mutations over a fuzzing campaign, we can search for program environments that induce crashing behaviors. Our EnvFuzz tool found 33 previously unknown bugs in well-known real-world protocol implementations and GUI applications. Many of these are security vulnerabilities and 16 CVEs were assigned.
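The record/replay-with-selective-mutation loop the abstract describes, reduced to a toy so the mechanism is visible end to end. This is an added illustration, not EnvFuzz's code: the target program, its in-memory "OS", the two syscall-like calls it exposes (`read_file`, `recv`), the mutation operators, the sample config and message, and the convention that an uncaught exception stands in for a native crash are all constructed here. EnvFuzz records real system calls at the kernel/user boundary and replays a native binary; this example only mirrors the shape of that loop: record the environment's answers, replay them with one answer changed, keep the replays that reach new coverage, report the ones that crash.

```python
# Toy record/replay environment fuzzer: an added illustration, not EnvFuzz's code.
import random

SAMPLE_FILES = {"/etc/svc.conf": b"listen=8080\nmax_len=32\n"}  # constructed config
SAMPLE_INBOUND = [(16).to_bytes(2, "big") + b"A" * 16]            # constructed message

def target(env, cov):
    """Program under test: every environment access goes through `env`, the record/replay
    boundary, and `cov` collects branch ids. Bug: the length field is trusted over the
    bytes actually received and over the fixed buffer size."""
    max_len = 0
    for line in env.read_file("/etc/svc.conf").decode("latin-1").splitlines():
        if line.startswith("max_len=") and line[8:].isdecimal():
            cov.add("cfg_max_len")
            max_len = int(line[8:])
    max_len = max_len or 32
    msg = env.recv(4096)
    if len(msg) < 2:
        return "short"
    length = int.from_bytes(msg[:2], "big")
    if length > max_len:
        cov.add("msg_too_long")
        return "rejected"
    cov.add("msg_copy")
    buf = bytearray(64)      # fixed-size buffer
    for i in range(length):  # neither len(msg) - 2 nor the buffer size is checked
        buf[i] = msg[2 + i]  # IndexError here stands in for a native crash
    return "ok"

class ConcreteEnv:
    """Constructed stand-in for the real OS: in-memory files and one socket."""
    def __init__(self, files, inbound): self.files, self.inbound = dict(files), list(inbound)
    def read_file(self, path): return self.files.get(path, b"")
    def recv(self, n): return self.inbound.pop(0)[:n] if self.inbound else b""

class RecordingEnv:
    """Step 1: run against the concrete OS and log every syscall result."""
    def __init__(self, inner): self.inner, self.trace = inner, []
    def _log(self, name, arg, result): self.trace.append((name, arg, result)); return result
    def read_file(self, path): return self._log("read_file", path, self.inner.read_file(path))
    def recv(self, n): return self._log("recv", n, self.inner.recv(n))

class ReplayEnv:
    """Step 2: serve recorded (possibly mutated) results; never touch the OS."""
    def __init__(self, trace): self.trace, self.pos = trace, 0
    def _next(self, name):
        if self.pos >= len(self.trace) or self.trace[self.pos][0] != name:
            return b""  # simplification: an unrecorded or mismatched call sees EOF
        self.pos += 1
        return self.trace[self.pos - 1][2]
    def read_file(self, path): return self._next("read_file")
    def recv(self, n): return self._next("recv")

def mutate(trace, rng):
    """Selective mutation: alter one recorded syscall result, keep the others."""
    trace = list(trace)
    i = rng.randrange(len(trace))
    name, arg, data = trace[i]
    data, op = bytearray(data), rng.choice(("flip", "truncate", "insert"))
    if op == "flip" and data:
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == "truncate" and data:
        del data[rng.randrange(len(data)):]
    else:
        p = rng.randrange(len(data) + 1)
        data[p:p] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 5)))
    trace[i] = (name, arg, bytes(data))
    return trace

def run(trace):
    """Replay one trace under the target; return (coverage, exception or None)."""
    cov = set()
    try:
        target(ReplayEnv(trace), cov)
        return cov, None
    except Exception as exc:  # an uncaught exception plays the role of a crash
        return cov, exc

def fuzz(seed_trace, iterations, seed=0):
    """Feedback-driven search: keep traces with new coverage, collect crashes."""
    rng = random.Random(seed)
    seeds, coverage, crashes = [seed_trace], run(seed_trace)[0], []
    for _ in range(iterations):
        cand = mutate(rng.choice(seeds), rng)
        cov, exc = run(cand)
        if exc is not None:
            crashes.append((cand, repr(exc)))
        elif not cov <= coverage:
            coverage |= cov
            seeds.append(cand)
    return seeds, coverage, crashes

def record(env):
    rec = RecordingEnv(env)
    return rec.trace, target(rec, set())  # (syscall trace of one concrete run, result)

if __name__ == "__main__":
    trace, result = record(ConcreteEnv(SAMPLE_FILES, SAMPLE_INBOUND))
    seeds, coverage, crashes = fuzz(trace, 300)
    print(f"original run: {result}; {len(seeds)} seeds, {len(crashes)} crashing environments")
```

The point to take from the toy is what is absent: no model of the config file or of the socket is written anywhere. The environment is nothing more than the bytes the program was observed to receive, and a single mutated answer from the replayed environment (a truncated `recv`, a flipped bit in the length field) is what turns a clean run into a crashing one; the crashing trace is then a self-contained reproducer, replayable without the original file or peer.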

Authors (3)
  1. Ruijie Meng (7 papers)
  2. Gregory J. Duck (11 papers)
  3. Abhik Roychoudhury (41 papers)