Journal of Tsinghua University(Science and Technology)    2018, Vol. 58 Issue (3) : 266-271     DOI: 10.16511/j.cnki.qhdxxb.2018.26.013
COMPUTER SCIENCE AND TECHNOLOGY |
Test method for the font parser in PDF viewers
ZHAO Gang1, YU Yue2, HUANG Minhuan1, WANG Yuying3, WANG Jiajie3, SUN Xiaoxia1
1. National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China;
2. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China;
3. China Information Technology Security Evaluation Center, Beijing 100085, China
Abstract  PDF files are portable and widely used, so they are a frequent carrier of malware. Traditional fuzzing algorithms do not work well against PDF viewers because the viewers apply strict format validation, so most mutated inputs are rejected before they reach the parsing code. Existing file-format-based grey-box fuzzing also cannot easily be used to build a uniform data model, because of the limits of its format description language. This paper presents a method for generating test cases that target the font parser of PDF viewers. The system reconstructs the embedded font files and adds supporting information to build a uniform data model for TrueType files. A fuzzer built on this method was evaluated on more than twenty PDF viewers and identified several vulnerabilities. Tests show that the method can effectively generate test cases and detect bugs in PDF viewers.
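The abstract's central point is that a test case must survive the viewer's format validation before it can exercise the font parser, which is why the method works from a reconstructed data model of the TrueType file rather than from raw bytes. The following is an added example written for this page, not the authors' system: a minimal TrueType (sfnt) reader and writer that rebuilds the table directory, per-table checksums and head.checkSumAdjustment after each mutation, so a field-level mutation passes the same checks that reject a blind byte flip. The two-table sample font, the FIELD_MODEL list and the boundary values are constructed for the example and are a hypothetical simplification of the paper's "uniform data model".

```python
# Structure-aware TrueType mutation for PDF-viewer fuzzing (added example; not the
# authors' code). The sample font and FIELD_MODEL below are constructed for this page.
import struct

MAGIC_SUM = 0xB1B0AFBA  # required whole-font checksum once checkSumAdjustment is set


def calc_checksum(data: bytes) -> int:
    """TrueType checksum: sum of big-endian uint32 words, zero-padded to 4 bytes."""
    padded = data + b"\0" * (-len(data) % 4)
    return sum(struct.unpack(f">{len(padded) // 4}I", padded)) & 0xFFFFFFFF


def parse_sfnt(blob: bytes) -> dict:
    """Read the offset table and table directory into {tag: table bytes}."""
    version, num_tables = struct.unpack(">IH", blob[:6])
    tables = {}
    for i in range(num_tables):
        rec = 12 + 16 * i
        tag, _csum, off, length = struct.unpack(">4sIII", blob[rec:rec + 16])
        tables[tag.decode("latin-1")] = blob[off:off + length]
    return {"version": version, "tables": tables}


def build_sfnt(version: int, tables: dict) -> bytes:
    """Serialise the tables, regenerating directory fields, table checksums and
    head.checkSumAdjustment so that a strict validator accepts the result."""
    tables = dict(tables)
    if "head" in tables:  # adjustment must be zero while checksums are computed
        tables["head"] = tables["head"][:8] + b"\0\0\0\0" + tables["head"][12:]
    tags = sorted(tables)  # the directory must be sorted by tag
    n = len(tags)
    entry_selector = max(n, 1).bit_length() - 1  # floor(log2(n))
    search_range = (1 << entry_selector) * 16
    header = struct.pack(">IHHHH", version, n, search_range, entry_selector,
                         n * 16 - search_range)
    offset = 12 + 16 * n
    directory, body, head_off = [], b"", None
    for tag in tags:
        t = tables[tag]
        if tag == "head":
            head_off = offset + len(body)
        directory.append(struct.pack(">4sIII", tag.encode("latin-1"),
                                     calc_checksum(t), offset + len(body), len(t)))
        body += t + b"\0" * (-len(t) % 4)  # tables are 4-byte aligned
    font = header + b"".join(directory) + body
    if head_off is not None:
        adj = (MAGIC_SUM - calc_checksum(font)) & 0xFFFFFFFF
        font = font[:head_off + 8] + struct.pack(">I", adj) + font[head_off + 12:]
    return font


def validate(blob: bytes) -> bool:
    """The checks a strict viewer applies: every table checksum and the whole-font sum."""
    _, n = struct.unpack(">IH", blob[:6])
    for i in range(n):
        tag, csum, off, length = struct.unpack(">4sIII", blob[12 + 16 * i:28 + 16 * i])
        data = blob[off:off + length]
        if tag == b"head":  # head is summed with checkSumAdjustment zeroed
            data = data[:8] + b"\0\0\0\0" + data[12:]
        if calc_checksum(data) != csum:
            return False
    return calc_checksum(blob) == MAGIC_SUM


# Hypothetical field model: (table, field, byte offset within the table, struct format).
FIELD_MODEL = [
    ("head", "unitsPerEm", 18, ">H"),
    ("head", "indexToLocFormat", 50, ">h"),
    ("maxp", "numGlyphs", 4, ">H"),
]
BOUNDARY = {">H": [0, 1, 0x7FFF, 0x8000, 0xFFFF], ">h": [-32768, -1, 0, 1, 32767]}


def mutate_field(blob: bytes, table: str, offset: int, fmt: str, value: int) -> bytes:
    """Structure-aware mutation: change one modelled field, then rebuild the file."""
    font = parse_sfnt(blob)
    t = font["tables"][table]
    size = struct.calcsize(fmt)
    font["tables"][table] = t[:offset] + struct.pack(fmt, value) + t[offset + size:]
    return build_sfnt(font["version"], font["tables"])


def generate_cases(blob: bytes):
    """Yield (label, font) pairs: every modelled field at each boundary value."""
    for table, name, offset, fmt in FIELD_MODEL:
        for v in BOUNDARY[fmt]:
            yield f"{table}.{name}={v}", mutate_field(blob, table, offset, fmt, v)


def naive_flip(blob: bytes, pos: int) -> bytes:
    """What a format-unaware fuzzer does: flip a byte and leave the checksums stale."""
    return blob[:pos] + bytes([blob[pos] ^ 0xFF]) + blob[pos + 1:]


# Constructed sample font: a 'head' table and a version 0.5 'maxp' table, nothing else.
SAMPLE_HEAD = struct.pack(">IIIIHHqqhhhhHHhhh", 0x00010000, 0x00010000, 0, 0x5F0F3CF5,
                          0, 1000, 0, 0, 0, 0, 1000, 1000, 0, 8, 2, 0, 0)
SAMPLE_MAXP = struct.pack(">IH", 0x00005000, 1)
SAMPLE_FONT = build_sfnt(0x00010000, {"head": SAMPLE_HEAD, "maxp": SAMPLE_MAXP})

if __name__ == "__main__":
    print("sample valid:", validate(SAMPLE_FONT))
    print("naive flip valid:", validate(naive_flip(SAMPLE_FONT, 12 + 32 + 18)))
    for label, case in generate_cases(SAMPLE_FONT):
        print(label, "valid:", validate(case))
```

Run stand-alone, the script shows the contrast the abstract draws: the byte flip fails validate() because the head checksum no longer matches, while every field-level case from generate_cases() passes, so it would reach the viewer's font parser. A real harness would embed each generated font in a PDF and run the viewer under a crash monitor; the model would also carry the glyf, loca, cmap and hinting tables, whose length and index relationships are where the interesting parser bugs tend to be.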
Keywords PDF viewers      fuzzing      test cases generation      TrueType font     
CLC number:  TP309.2  
Issue Date: 15 March 2018
Cite this article:   
ZHAO Gang,YU Yue,HUANG Minhuan, et al. Test method for the font parser in PDF viewers[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(3): 266-271.
URL:  
http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2018.26.013     OR     http://jst.tsinghuajournals.com/EN/Y2018/V58/I3/266
Copyright © Journal of Tsinghua University(Science and Technology), All Rights Reserved.