Abstract |
---|
Fuzzing is a popular technique for software vulnerability mining. Although state-of-the-art fuzzers combine many popular technologies to overcome the shortcomings of fuzzing, they still leave a lot to be desired. Symbolic execution can help a fuzzer generate effective inputs, but it imposes a heavy overhead. Other techniques struggle to help fuzzing accurately generate inputs that satisfy path constraints. Therefore, we propose Multi-Factor Potential Analysis (MPA), a new search strategy that enables fuzzing to traverse more paths based on symbolic execution. The goal of its search process is to find an unexplored path in symbolic execution that is easy to solve and contributes distinctly to the growth rate of path coverage. Moreover, it also takes into account the high-risk functions contained in the path. We implement Tinker-MPA, a tool that realizes the MPA strategy. In a limited time it traverses more paths than other state-of-the-art fuzzing tools such as AFL and Tinker on the DARPA CGC benchmark. Moreover, Tinker-MPA also finds vulnerabilities more efficiently. |
Year | DOI | Venue |
---|---|---|
2018 | 10.1109/QRS-C.2018.00087 | 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C) |
Keywords | Field | DocType |
---|---|---|
binary program, fuzzing, symbolic execution, vulnerability mining | Fuzz testing, Vulnerability (computing), Tinker, Computer science, Path coverage, Symbolic execution, Traverse, Distributed computing, Vulnerability | Conference |
ISBN | Citations | PageRank |
---|---|---|
978-1-5386-7840-4 | 0 | 0.34 |
References | Authors |
---|---|
6 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Luhang Xu | 1 | 0 | 0.68 |
Xian Zhang | 2 | 112 | 18.22 |
Liangze Yin | 3 | 26 | 9.47 |
Qiuxi Zhong | 4 | 4 | 1.08 |