MemConFuzz: Memory Consumption Guided Fuzzing with Data Flow Analysis-Reference-Cited by-同舟云学术

MemConFuzz: Memory Consumption Guided Fuzzing with Data Flow Analysis

Published:2023-03-02 Issue:5 Volume:11 Page:1222
ISSN:2227-7390
Container-title:Mathematics
language:en
Short-container-title:Mathematics

Author:

Du Chunlai¹,Cui Zhijian¹,Guo Yanhui²^ORCID,Xu Guizhi¹,Wang Zhongru¹³

Affiliation:

1. School of Information Science and Technology, North China University of Technology, Beijing 100144, China

2. Department of Computer Science, University of Illinois Springfield, Springfield, IL 62703, USA

3. Chinese Academy of Cyberspace Studies, Beijing 100048, China

Abstract

Uncontrolled heap memory consumption, a kind of critical software vulnerability, is utilized by attackers to consume a large amount of heap memory and consequently trigger crashes. There have been few works on the vulnerability fuzzing of heap consumption. Most of them, such as MemLock and PerfFuzz, have failed to consider the influence of data flow. We proposed a heap memory consumption guided fuzzing model named MemConFuzz. It extracts the locations of heap operations and data-dependent functions through static data flow analysis. Based on the data dependency, we proposed a seed selection algorithm in fuzzing to assign more energy to the samples with higher priority scores. The experiment results showed that the MemConFuzz has advantages over AFL, MemLock, and PerfFuzz with more quantity and less time consumption in exploiting the vulnerability of heap memory consumption.

Funder

National Natural Science Foundation of China

National Key Research and Development Plan of China

Publisher

MDPI AG

Subject

General Mathematics,Engineering (miscellaneous),Computer Science (miscellaneous)

Link

https://www.mdpi.com/2227-7390/11/5/1222/pdf

Reference46 articles.

1. Zalewski, M. (2022, October 31). American Fuzzing Lop. Available online: https://lcamtuf.coredump.cx/afl/.

2. Wen, C., Wang, H., Li, Y., Qin, S., Liu, Y., Xu, Z., Chen, H., Xie, X., Pu, G., and Liu, T. (2020–19, January 27). Memlock: Memory usage guided fuzzing. Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, Republic of Korea.

3. Lemieux, C., Padhye, R., Sen, K., and Song, D. (2018, January 16–21). Perffuzz: Automatically generating pathological inputs. Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, Amsterdam, The Netherlands.

4. Rajpal, M., Blum, W., and Singh, R. (2017). Not all bytes are equal: Neural byte sieve for fuzzing. arXiv.

5. Godefroid, P., Peleg, H., and Singh, R. (November, January 30). Learn&fuzz: Machine learning for input fuzzing. Proceedings of the 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), Urbana, IL, USA.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. CtxFuzz: Discovering Heap-Based Memory Vulnerabilities Through Context Heap Operation Sequence Guided Fuzzing;Lecture Notes in Computer Science;2024