BSFuzz: Branch-State Guided Hybrid Fuzzing
Published: 2023-09-25
Issue: 19
Volume: 12
Page: 4033
ISSN: 2079-9292
Container-title: Electronics
Language: en
Short-container-title: Electronics
Author:
Hu Qi (1), Chen Weijia (1), Wang Zhi (1), Lu Shuaibing (2), Nie Yuanping (2), Li Xiang (2), Kuang Xiaohui (2)
Affiliation:
1. College of Cyber Science, Nankai University, Tianjin 300350, China
2. National Key Laboratory of Science and Technology on Information System Security, Beijing 100085, China
Abstract
Hybrid fuzzing is an automated software testing approach that synchronizes test cases between the fuzzer and the concolic executor to improve performance. The concolic executor solves path constraints to direct the fuzzer toward uncovered paths. Despite many performance optimizations for hybrid fuzzing, we observe that the concolic executor often repeatedly performs constraint solving on branches with unsolvable constraints and on branches already covered by multiple test cases. This causes significant computational redundancy. To eliminate it, we propose BSFuzz, which tracks both the coverage state and the solving state of each branch in a lightweight branch state map. BSFuzz synchronizes the current coverage state of all test cases in the fuzzer’s queue with the concolic executor in a timely manner, so that constraint solving is not spent on high-frequency branches. It also records the branch-solving state during concolic execution to avoid repeatedly solving branches already found to be unsolvable. Guided by the coverage state and the historical solving state, BSFuzz discovers and solves more branches with less solver time. Experimental results on real-world programs show that BSFuzz effectively increases the speed of the concolic executor and improves branch coverage.
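The abstract describes two filters applied before the concolic executor pays for constraint solving: a coverage state synchronized from the fuzzer's queue (skip branches many queued test cases already cover) and a historical solving state (skip branches a previous attempt could not solve). The following Python simulation is an added illustration of that scheduling idea, not BSFuzz's own code. The toy program, its four byte-level branch predicates, the brute-force stand-in for an SMT solver, the `BranchStateMap` class and the high-frequency threshold of 2 are all constructed assumptions; the simulation compares solver invocations with and without the map over the same seeds and rounds.

```python
"""Branch-state-guided scheduling for a hybrid fuzzer (illustrative, not BSFuzz's code).

A branch state map keeps, per branch, (a) how many queued test cases cover it
and (b) whether a previous solve attempt found it unsolvable. The concolic
executor consults the map before invoking the constraint solver.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed toy program: each branch is a predicate on a single input byte.
# The concolic executor wants an input that makes the predicate true, i.e.
# takes the side the current test case did not take.
BRANCHES: Dict[int, Callable[[int], bool]] = {
    1: lambda x: x == 0x41,   # solvable, narrow
    2: lambda x: x > 0x80,    # solvable and covered by many seeds (high frequency)
    3: lambda x: x > 0x100,   # unsolvable for a byte-sized input
    4: lambda x: x % 7 == 0,  # solvable
}


def coverage(x: int) -> Set[int]:
    """Branches whose predicate the input x satisfies."""
    return {bid for bid, pred in BRANCHES.items() if pred(x)}


def toy_solver(pred: Callable[[int], bool]) -> Optional[int]:
    """Stand-in for an SMT solver: brute-force the byte domain (assumption)."""
    return next((x for x in range(256) if pred(x)), None)


@dataclass
class BranchState:
    cover_count: int = 0      # queued test cases covering this branch
    unsolvable: bool = False  # a prior solve attempt returned no model


class BranchStateMap:
    """Hypothetical branch state map combining coverage and solving state."""

    def __init__(self, high_freq_threshold: int) -> None:
        self.states: Dict[int, BranchState] = {}
        self.high_freq_threshold = high_freq_threshold

    def _get(self, bid: int) -> BranchState:
        return self.states.setdefault(bid, BranchState())

    def sync_coverage(self, queue: List[int]) -> None:
        """Rebuild the coverage state from the fuzzer's current queue."""
        for st in self.states.values():
            st.cover_count = 0
        for x in queue:
            for bid in coverage(x):
                self._get(bid).cover_count += 1

    def should_solve(self, bid: int) -> bool:
        st = self._get(bid)
        if st.unsolvable:                                  # historical solving state
            return False
        return st.cover_count < self.high_freq_threshold   # coverage state

    def record_result(self, bid: int, solved: bool) -> None:
        if not solved:
            self._get(bid).unsolvable = True


def run_hybrid(seeds: List[int], rounds: int, use_map: bool,
               threshold: int = 2) -> Tuple[int, List[int]]:
    """Return (solver_calls, covered_branches) after `rounds` concolic passes."""
    queue = list(seeds)
    bsm = BranchStateMap(threshold)
    solver_calls = 0
    for _ in range(rounds):
        if use_map:
            bsm.sync_coverage(queue)   # sync point; a real tool would sync more often
        for x in list(queue):          # concolic pass over a snapshot of the queue
            for bid, pred in BRANCHES.items():
                if pred(x):            # this input already covers the branch
                    continue
                if use_map and not bsm.should_solve(bid):
                    continue           # high-frequency or known-unsolvable: skip
                solver_calls += 1
                sol = toy_solver(pred)
                bsm.record_result(bid, sol is not None)
                if sol is not None and sol not in queue:
                    queue.append(sol)  # new test case goes back to the fuzzer queue
    covered = set().union(*(coverage(x) for x in queue))
    return solver_calls, sorted(covered)


if __name__ == "__main__":
    seeds = [0x00, 0x90, 0xA0]   # constructed seed corpus
    print("without map:", run_hybrid(seeds, rounds=2, use_map=False))
    print("with map:   ", run_hybrid(seeds, rounds=2, use_map=True))
```

With the constructed seeds, both runs end with the same branches covered, but the map halves the number of solver invocations: branch 2 is never solved because two seeds already cover it, and branch 3 is solved once, marked unsolvable, and never retried.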
Funder
Tianjin Key R&D Program 2019 Tianjin New Generation AI Technology Key Project
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering
References: 43 articles.