Title
Hardware Support to Improve Fuzzing Performance and Precision
Abstract
Coverage-guided fuzzing is considered one of the most efficient bug-finding techniques, given the number of bugs it has reported. However, coverage tracing provided by existing software-based approaches, such as source instrumentation and dynamic binary translation, can incur large overhead. Hindered by the significantly lowered execution speed, it also becomes less beneficial to improve coverage feedback by incorporating additional execution states. In this paper, we propose SNAP, a customized hardware platform that implements hardware primitives to enhance the performance and precision of coverage-guided fuzzing. By sitting at the bottom of the computer stack, SNAP leverages the existing CPU pipeline and micro-architectural features to provide coverage tracing and rich execution semantics at near-zero cost, regardless of source code availability. Prototyped as a synthesized RISC-V BOOM processor on an FPGA, SNAP incurs barely 3.1% tracing overhead on the SPEC benchmarks while achieving 228x higher fuzzing throughput than the existing software-based solution. Posing only a 4.8% area and 6.5% power overhead, SNAP is highly practical and can be adopted by existing CPU architectures with minimal changes.
Year: 2021
DOI: 10.1145/3460120.3484573
Venue: Computer and Communications Security
Keywords: Hardware-assisted fuzzing, Feedback-driven fuzzing, RISC-V BOOM
DocType: Conference
Citations: 0
PageRank: 0.34
References: 0
Authors: 6
Name | Order | Citations and PageRank (values run together)
Ren Ding | 1 | 177.18
Yonghae Kim | 2 | 00.34
Fan Sang | 3 | 00.34
W. Xu | 4 | 30947.55
Gururaj Saileshwar | 5 | 393.67
Taesoo Kim | 6 | 80951.85