Journal of Tsinghua University (Science and Technology), 2016, Vol. 56, Issue 1: 7-13. DOI: 10.16511/j.cnki.qhdxxb.2016.23.011
Section: INFORMATION SECURITY
Research of taint-analysis based API in-memory fuzzing tests
CUI Baojiang1, WANG Fuwei1,2, GUO Tao2, LIU Benjin2
1. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. China Information Technology Security Evaluation Center, Beijing 100085, China
Abstract: Fuzz testing is widely used as an automated way to discover vulnerabilities in binary programs that process files. Because it runs largely blind and reaches only a small fraction of code paths, conventional fuzzing is inefficient. An API in-memory fuzzing technique was developed to remove this blindness. The technique uses dynamic taint analysis to locate the routines and instructions in the target binary that parse and process the input data. In the testing phase, binary instrumentation is used to build loops around those routines, and the tainted memory values they consume are mutated on every iteration of the loop. Experiments with the prototype tool show that the technique can effectively detect defects such as stack overflows. The results also show that API in-memory fuzzing removes the bottleneck of interrupting and restarting the execution path for every test case, and runs more than 95% faster than traditional fuzzing tools.
Keywords: software testing; fuzzing testing; taint analysis; control-flow hijacking
CLC (Chinese Library Classification): TP311
Issue Date: 15 January 2016
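The abstract describes two steps: first use dynamic taint analysis to find which routine consumes the input and which memory it reads, then loop around that routine, restoring and mutating only the tainted bytes on each pass instead of restarting the whole program. The following Python block is an added example that models both steps against a constructed toy parser; it is not the paper's Pin-based prototype, and the record layout, `parse_record`, `TaintedInput`, `locate_tainted_offsets` and `in_memory_fuzz` are all assumptions made for this illustration.

```python
"""
Toy demonstration of taint-guided API in-memory fuzzing (added example, not
code from the paper).

  1. Run the target routine once on a seed input while recording which input
     bytes it reads: a stand-in for dynamic taint analysis of input-derived
     memory.
  2. Loop around that routine: restore the input snapshot, mutate only the
     tainted bytes, call the routine again, classify the outcome.

parse_record() and the record layout are constructed for this example and
are not a real file format or program.
"""

# Constructed record layout: 2-byte magic, 1-byte type, 1-byte payload length,
# payload, then trailing bytes the parser never touches (so they stay untainted).
SEED = b"RC" + bytes([1, 4]) + b"abcd" + b"#comment"

# Classic boundary values used for byte-level mutation.
INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)


class TaintedInput:
    """Byte buffer that records every offset the target reads."""

    def __init__(self, data):
        self.data = bytes(data)
        self.reads = set()

    def __len__(self):
        return len(self.data)

    def __getitem__(self, idx):
        if isinstance(idx, slice):
            self.reads.update(range(*idx.indices(len(self.data))))
            return self.data[idx]
        self.reads.add(idx)
        return self.data[idx]


def parse_record(buf):
    """Constructed target routine. Its deliberate defect: it trusts the length
    field and reads past the payload, which raises IndexError here and would be
    an out-of-bounds read in native code."""
    if buf[0:2] != b"RC":
        raise ValueError("bad magic")
    rtype = buf[2]
    length = buf[3]
    if rtype not in (1, 2):
        raise ValueError("unknown record type")
    payload = buf[4:4 + length]
    checksum = 0
    for i in range(length):           # no check that len(payload) == length
        checksum ^= payload[i]
    return checksum


def locate_tainted_offsets(target, seed):
    """Step 1: run the routine once on the seed and collect the input offsets
    it consumed. Only these bytes are worth mutating."""
    tracked = TaintedInput(seed)
    try:
        target(tracked)
    except Exception:
        pass                          # a faulting seed still yields taint info
    return sorted(tracked.reads)


def in_memory_fuzz(target, seed, tainted, interesting=INTERESTING):
    """Step 2: loop around the routine. Each iteration restores the snapshot,
    mutates one tainted byte and calls the routine again without restarting
    anything else."""
    snapshot = bytes(seed)
    results = {"ok": 0, "rejected": 0, "crashes": []}
    for off in tainted:
        for val in interesting:
            if val == snapshot[off]:
                continue
            mem = bytearray(snapshot)      # restore tainted memory
            mem[off] = val                 # mutate in place
            try:
                target(bytes(mem))
                results["ok"] += 1
            except ValueError:
                results["rejected"] += 1   # graceful parser rejection
            except IndexError as exc:      # stands in for a memory fault
                results["crashes"].append((off, val, str(exc)))
    return results


if __name__ == "__main__":
    offsets = locate_tainted_offsets(parse_record, SEED)
    print("tainted offsets:", offsets)
    print(in_memory_fuzz(parse_record, SEED, offsets))
```

On the seed above the taint step reports offsets 0 through 7 (the trailing comment bytes are never read), and the loop then needs only 39 calls of the routine; every crash it records comes from the length byte at offset 3. Two caveats carry over to the native setting the paper targets: the loop must also restore any memory the routine writes (globals, heap allocations, file positions), otherwise state leaks between iterations and crashes stop reproducing; and a crash found in-memory still has to be replayed from a complete input through the real program entry point before it counts as a reachable bug.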
Cite this article: CUI Baojiang, WANG Fuwei, GUO Tao, et al. Research of taint-analysis based API in-memory fuzzing tests[J]. Journal of Tsinghua University (Science and Technology), 2016, 56(1): 7-13.
URL: http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2016.23.011 or http://jst.tsinghuajournals.com/EN/Y2016/V56/I1/7
Copyright © Journal of Tsinghua University (Science and Technology), All Rights Reserved.