Test method for the font parser in PDF viewers

ZHAO Gang; YU Yue; HUANG Minhuan; WANG Yuying; WANG Jiajie; SUN Xiaoxia

doi:10.16511/j.cnki.qhdxxb.2018.26.013

PDF(1074 KB)

Journal of Tsinghua University(Science and Technology) ›› 2018, Vol. 58 ›› Issue (3) : 266-271. DOI: 10.16511/j.cnki.qhdxxb.2018.26.013

COMPUTER SCIENCE AND TECHNOLOGY

Test method for the font parser in PDF viewers

{{article.zuoZhe_EN}}

Author information +

History +

Abstract

PDF files are portable and widely used, so they often host malware. Traditional PDF viewers fuzzing algorithms cannot work well due to their strict format validation. Also, existing file-format based grey-box fuzzing cannot be easily used to build a uniform data model because of the limits of its descrition language. This paper presents a method for generating test cases to test the font parser of PDF viewers. The system reconstructs the font files and adds supportive information to build a uniform data model for TrueType files. A fuzzer is built into the method and evaluated on more than twenty PDF viewers to identify several vulnerabilies. Tests show that this method can effectively generate test cases and detect bugs in PDF viewers.

Key words

PDF viewers / fuzzing / test cases generation / TrueType font

Cite this article

EndNote

Ris (Procite)

Bibtex

Download Citations

ZHAO Gang, YU Yue, HUANG Minhuan, WANG Yuying, WANG Jiajie, SUN Xiaoxia. Test method for the font parser in PDF viewers[J]. Journal of Tsinghua University(Science and Technology). 2018, 58(3): 266-271 https://doi.org/10.16511/j.cnki.qhdxxb.2018.26.013

References

[1] US-CERT Security Operations Center. National vulnerability database.. https://nvd.nist.gov/.
[2] WANG T L, WEI T, LIN Z Q, et al. IntScope:Automatically detecting integer overflow vulnerability in X86 binary using symbolic execution[C]//Proceedings of the 16th Network and Distributed System Security Symposium. San Diego, USA:Internet Society, 2009:1-14.
[3] WANG T L, WEI T, GU G F, et al. TaintScope:A checksum-aware directed fuzzing tool for automatic software vulnerability detection[C]//Proceedings of 2010 IEEE Symposium on Security and Privacy. Berkeley/Oakland, USA:IEEE, 2010:497-512.
[4] GODEFROID P, LEVIN M Y, MOLNAR D A. Automated whitebox fuzz testing[C]//Proceedings of the 15th Annual Network and Distributed System Security Symposium. San Diego, USA:Internet Society, 2008:1-16.
[5] GODEFROID P, KIEZUN A, LEVIN M Y. Grammar-based whitebox fuzzing[C]//Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation. Tucson, USA:ACM, 2008:206-215.
[6] GODEFROID P, LEVIN M Y, MOLNAR D A. SAGE:Whitebox fuzzing for security testing[J]. Communications of the ACM, 2012, 55(3):40-44.
[7] WANG X F, MA H T, JING L S. A dynamic marking method for implicit information flow in dynamic taint analysis[C]//Proceedings of the 8th International Conference on Security of Information and Networks. Sochi, Russia:ACM, 2015:275-282.
[8] ISAEV I K, SIDOROV D V. The use of dynamic analysis for generation of input data that demonstrates critical bugs and vulnerabilities in programs[J]. Programming and Computer Software, 2010, 36(4):225-236.
[9] STEPHENS N, GROSEN J, SALLS C, et al. Driller:Augmenting fuzzing through selective symbolic execution[C]//Proceedings of the Network and Distributed System Security Symposium. San Diego, USA:Internet Society, 2016:21-24.
[10] HOUSEHOLDER A D, FOOTE J M. Probability-based parameter selection for black-box fuzz testing[R]. Pittsburgh:CMU, 2012.
[11] CHEN T, ZHANG X S, GUO S Z, et al. State of the art:Dynamic symbolic execution for automated test generation[J]. Future Generation Computer Systems, 2013, 29(7):1758-1773.
[12] YIN H, GAI K K. An empirical study on preprocessing high-dimensional class-imbalanced data for classification[C]//Proceedings of the 17th International Conference on High Performance Computing and Communications. New York, USA:IEEE, 2015:1314-1319.
[13] REBERT A, CHA S K, AVGERINOS T, et al. Optimizing seed selection for fuzzing[C]//Proceedings of the 23rd USENIX Conference on Security Symposium. San Diego, USA:USENIX Association Berkeley, 2014:861-875.
[14] YIN H, GAI K K, WANG Z J. A classification algorithm based on ensemble feature selections for imbalanced-class dataset[C]//Proceedings of the 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS). New York, USA:IEEE, 2016:245-249.
[15] KARGEÉN U, SHAHMEHRI N. Turning programs against each other:High coverage fuzz-testing using binary-code mutation and dynamic slicing[C]//Proceedings of the 10th Joint Meeting on Foundations of Software Engineering. Bergamo, Italy:ACM, 2015:782-792.