Program Environment Fuzzing
CoRR(2024)
Abstract
Computer programs are not executed in isolation, but rather interact with the
execution environment which drives the program behaviours. Software validation
and verification methods, such as greybox fuzzing, thus need to capture the
effect of possibly complex environmental interactions, including files,
databases, configurations, network sockets, human-user interactions, and more.
Conventional approaches for environment capture in symbolic execution and model
checking employ environment modelling, which involves manual effort. In this
paper, we take a different approach based on an extension of greybox fuzzing.
Given a program, we first record all observed environmental interactions at the
kernel/user-mode boundary in the form of system calls. Next, we replay the
program under the original recorded interactions, but this time with selective
mutations applied, in order to get the effect of different program environments
– all without environment modelling. Via repeated (feedback-driven) mutations
over a fuzzing campaign, we can search for program environments that induce
crashing behaviour. Our EFuzz tool found 33 zero-day bugs in well-known
real-world protocol implementations and GUI applications. Many of these are
security vulnerabilities and 14 CVEs were assigned.
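To make the record/replay/mutate loop concrete, the following is an added toy example written for this page; it is not EFuzz's code. It reduces the kernel/user-mode boundary to two calls (`read_file` and `recv`) on an `env` object, records their results once against a constructed environment, and then replays the program with one recorded result mutated per run, keeping any mutant that reaches new branches as a new seed. The program under test, its deliberate length-handling bug, and the sample file and socket contents are all constructed for the example.

```python
"""Toy record/replay environment fuzzer (constructed example, not EFuzz).
Environment interactions are abstracted as method calls on `env`; in the real
tool they are system calls captured at the kernel/user-mode boundary."""
import random
from dataclasses import dataclass


def program(env, cov):
    """Program under test: reads a config file, then a length-prefixed message.
    `cov` collects branch identifiers and serves as the coverage feedback."""
    cfg = env.read_file("app.cfg")
    cov.add("read_cfg")
    max_len = int(cfg.split(b"=")[1]) if b"=" in cfg else 16
    cov.add("cfg_parsed")
    msg = env.recv(64)
    if len(msg) < 2:
        cov.add("short")
        return "short"
    declared = msg[0]
    cov.add("has_header")
    if declared > max_len:
        cov.add("over_limit")
        return "rejected"
    payload = msg[1:1 + declared]
    cov.add("in_limit")
    # Deliberate bug: trusts the declared length even when fewer bytes arrived,
    # so indexing past the actual payload raises (our stand-in for a crash).
    checksum = payload[declared - 1] ^ payload[0]
    cov.add("checksum")
    return "ok:%d" % checksum


@dataclass
class Interaction:
    call: str      # which environment call was made
    args: tuple    # its arguments
    result: bytes  # what the environment returned


class RecordingEnv:
    """Phase 1: serve the (constructed) real environment and log every call."""
    def __init__(self, files, inbound):
        self.files, self.inbound, self.trace = files, inbound, []

    def read_file(self, name):
        data = self.files[name]
        self.trace.append(Interaction("read_file", (name,), data))
        return data

    def recv(self, n):
        data, self.inbound = self.inbound[:n], self.inbound[n:]
        self.trace.append(Interaction("recv", (n,), data))
        return data


class ReplayEnv:
    """Phase 2: answer each call from the (possibly mutated) recorded trace.
    No real file or socket is touched; an exhausted trace reads as EOF."""
    def __init__(self, trace):
        self.trace, self.pos = trace, 0

    def _next(self):
        if self.pos >= len(self.trace):
            return b""
        rec = self.trace[self.pos]
        self.pos += 1
        return rec.result

    def read_file(self, name):
        return self._next()

    def recv(self, n):
        return self._next()[:n]


def mutate(trace, rng):
    """Selective mutation: alter the result of exactly one recorded interaction."""
    new = [Interaction(i.call, i.args, i.result) for i in trace]
    idx = rng.randrange(len(new))
    data = bytearray(new[idx].result)
    op = rng.choice(["flip", "truncate", "extend", "zero"])
    if op == "flip" and data:
        k = rng.randrange(len(data))
        data[k] ^= 1 << rng.randrange(8)
    elif op == "truncate":
        del data[rng.randrange(len(data) + 1):]
    elif op == "extend":
        data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    else:
        data = bytearray(len(data))
    new[idx].result = bytes(data)
    return new


def run(trace):
    """Replay one trace; return (coverage, exception-or-None)."""
    cov = set()
    try:
        program(ReplayEnv(trace), cov)
        return cov, None
    except Exception as exc:  # any unhandled exception counts as a crash
        return cov, exc


def record():
    """Record the seed trace from one benign run (constructed inputs)."""
    env = RecordingEnv({"app.cfg": b"max_len=8"}, b"\x03abc" + b"\x00" * 10)
    program(env, set())
    return env.trace


def fuzz(seed_trace, iterations=2000, seed=1):
    """Feedback-driven search over program environments derived from the seed."""
    rng = random.Random(seed)
    seen, _ = run(seed_trace)
    corpus, crashes = [seed_trace], []
    for _ in range(iterations):
        cand = mutate(rng.choice(corpus), rng)
        cov, err = run(cand)
        if err is not None:
            crashes.append((cand, err))
        elif not cov <= seen:  # reached a new branch: keep as a seed
            seen |= cov
            corpus.append(cand)
    return crashes


if __name__ == "__main__":
    found = fuzz(record())
    for trace, err in found[:3]:
        print(type(err).__name__, [(i.call, i.result) for i in trace])
```

Because replay is deterministic, any crashing trace the loop returns reproduces on its own with `run(trace)`, which is the property that lets a recorded-and-mutated environment serve as a bug report; the only real divergence risk, a mutant that changes which calls the program makes, is handled here crudely by treating an exhausted trace as EOF.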