Abstract
Directed fuzzing is a useful technique that can confirm bugs found by static analysis, reproduce existing bugs, and efficiently test code changes. A general mechanism in directed fuzzing is to calculate the distance between the current progress and the target, and use that as feedback to guide the directed fuzzing. A fundamental problem with existing distance calculation is that it is feasibility-unaware. For instance, it always assumes that the two branches of an if statement have equal feasibility, which is likely not true in real-world programs and would inevitably incur significant biases in the directed fuzzing. In this work, we propose feasibility-aware directed fuzzing, AFLGopher. Our new feasibility-aware distance calculation provides precise feedback to guide directed fuzzing to reach targets efficiently. We propose new techniques to address challenges of the feasibility prediction. Our new classification method allows predicting the feasibility of all branches based on limited traces, and our runtime feasibility-updating mechanism gradually improves the prediction precision. We implement AFLGopher, and the evaluation results show that AFLGopher uses less time to reach the bugs, compared to the state of the art.
Original language | English (US) |
---|---|
Title of host publication | Proceedings - 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 42-49 |
Number of pages | 8 |
ISBN (Electronic) | 9798350327205 |
State | Published - 2023 |
Event | 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023 - Delft, Netherlands; Duration: Jul 3 2023 → Jul 7 2023 |
Publication series
Name | Proceedings - 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023 |
---|---|
Conference
Conference | 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023 |
---|---|
Country/Territory | Netherlands |
City | Delft |
Period | 7/3/23 → 7/7/23 |
Bibliographical note
Publisher Copyright: © 2023 IEEE.