For coverage-guided fuzzers, many of their adopted seeds are usually underused by exploring limited program states since essentially all their executions have to abide by rigorous program dependencies while only limited seeds are capable of accessing dependencies. Moreover, even when iteratively executing such limited seeds, the fuzzers have to repeatedly access the covered program states before uncovering new states. Such facts indicate that exploration power on program states of seeds has not been sufficiently leveraged by the existing coverage-guided fuzzing strategies. To tackle these issues, we propose a coverage-guided fuzzer, namely MirageFuzz, to mitigate the program dependencies when executing seeds for enhancing their exploration power on program states. Specifically, MirageFuzz first creates a “phantom” program of the target program by reducing its program dependencies corresponding to conditional statements while retaining their original semantics. Accordingly, MirageFuzz performs dual fuzzing, i.e., the source fuzzing to fuzz the original program and the phantom fuzzing to fuzz the phantom program simultaneously. Then, MirageFuzz applies the taint-based mutation mechanism to generate a new seed by updating the target conditional statement of a given seed from the source fuzzing with the corresponding condition value derived by the phantom fuzzing. To evaluate the effectiveness of MirageFuzz, we build a benchmark suite with 18 projects commonly adopted by recent fuzzing papers, and select seven open-source fuzzers as baselines for performance comparison with MirageFuzz. The experiment results suggest that MirageFuzz outperforms our baseline fuzzers from 13.42% to 77.96% averagely. Furthermore, MirageFuzz exposes 29 previously unknown bugs where 4 of them have been confirmed and 3 have been fixed by the corresponding developers.
Wed 6 DecDisplayed time zone: Pacific Time (US & Canada) change
16:00 - 18:00 | FuzzingResearch Papers at Golden Gate C1 Chair(s): Shaukat Ali Simula Research Laboratory and Oslo Metropolitan University | ||
16:00 15mTalk | Enhancing Coverage-guided Fuzzing via Phantom Program Research Papers Mingyuan Wu Southern University of Science and Technology and the University of Hong Kong, Kunqiu Chen Southern University of Science and Technology, Qi Luo Southern University of Science and Technology, Jiahong Xiang Southern University of Science and Technology, Ji Qi The University of Hong Kong, Junjie Chen Tianjin University, Heming Cui University of Hong Kong, Yuqun Zhang Southern University of Science and Technology Media Attached | ||
16:15 15mTalk | Co-Dependence Aware Fuzzing for Dataflow-based Big Data Analytics Research Papers Ahmad Humayun Virginia Tech, Miryung Kim University of California at Los Angeles, USA, Muhammad Ali Gulzar Virginia Tech Pre-print Media Attached | ||
16:30 15mTalk | SJFuzz: Seed & Mutator Scheduling for JVM Fuzzing Research Papers Mingyuan Wu Southern University of Science and Technology and the University of Hong Kong, Yicheng Ouyang University of Illinois at Urbana-Champaign, Minghai Lu Southern University of Science and Technology, Junjie Chen Tianjin University, Yingquan Zhao College of Intelligence and Computing, Tianjin University, Heming Cui University of Hong Kong, Guowei Yang University of Queensland, Yuqun Zhang Southern University of Science and Technology Media Attached | ||
16:45 15mTalk | Metamong: Detecting Render-update Bugs in Web Browsers through Fuzzing Research Papers Suhwan Song Seoul National University, South Korea, Byoungyoung Lee Seoul National University, South Korea Media Attached | ||
17:00 15mTalk | Property-based Fuzzing for Finding Data Manipulation Errors in Android Apps Research Papers Jingling Sun East China Normal University, Ting Su East China Normal University, Jiayi Jiang East China Normal University, Jue Wang Nanjing University, Geguang Pu East China Normal University, Zhendong Su ETH Zurich Media Attached | ||
17:15 15mTalk | Leveraging Hardware Probes and Optimizations for Accelerating Fuzz Testing of Heterogeneous Applications Research Papers Jiyuan Wang University of California at Los Angeles, Qian Zhang University of California, Riverside, Hongbo Rong Intel Labs, Guoqing Harry Xu University of California at Los Angeles, Miryung Kim University of California at Los Angeles, USA Pre-print Media Attached | ||
17:30 15mTalk | NaNofuzz: A Usable Tool for Automatic Test Generation Research Papers Matthew C. Davis Carnegie Mellon University, Sangheon Choi Rose-Hulman Institute of Technology, Sam Estep Carnegie Mellon University, Brad A. Myers Carnegie Mellon University, Joshua Sunshine Carnegie Mellon University Link to publication DOI Media Attached | ||
17:45 15mTalk | [Remote] A Generative and Mutational Approach for Synthesizing Bug-exposing Test Cases to Guide Compiler Fuzzing Research Papers Guixin Ye Northwest University, Tianmin Hu Northwest University, Zhanyong Tang Northwest University, Zhenye Fan Northwest University, Shin Hwei Tan Concordia University, Bo Zhang Tencent Security Platform Department, Wenxiang Qian Tencent Security Platform Department, Zheng Wang University of Leeds, UK Media Attached |