School of Electronic Science, National University of Defense Technology, Changsha, Hunan, P.R.C.
PLoS One. 2018 May 23;13(5):e0196733. doi: 10.1371/journal.pone.0196733. eCollection 2018.
Bugs and vulnerabilities in binary executables threaten cyber security. Current discovery methods, such as fuzz testing, symbolic execution and manual analysis, each have advantages and disadvantages when exercising the deeper code areas of binary executables to find more bugs. In this paper, we design and implement a hybrid automatic bug-finding tool, Ffuzz, built on top of fuzz testing and selective symbolic execution. It targets testing of the full system software stack, including both user space and kernel space. Combining these two mainstream techniques enables us to achieve higher coverage and to avoid getting stuck in either fuzz testing or symbolic execution. We also propose two key optimizations to improve the efficiency of full system testing. We evaluated the efficiency and effectiveness of our method on real-world binary software and on 844 memory corruption vulnerable programs in the Juliet test suite. The results show that Ffuzz can discover software bugs in the full system software stack effectively and efficiently.