CRAXfuzz: Target-Aware Symbolic Fuzz Testing

Chao Chun Yeh; Hsiang Chung; Shih-Kun Huang

doi:10.1109/COMPSAC.2015.99

CRAXfuzz: Target-Aware Symbolic Fuzz Testing

Chao Chun Yeh, Hsiang Chung, Shih-Kun Huang

Center for Information Technology Services

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Vulnerabilities are caused by implementation bugs, such as buffer overflow, integer overflow, uncontrolled format strings, and command injection flaws. They are often exploited to intrude software systems. In order to reduce software bugs, testing techniques are proposed. The recent technique to discover security-related bugs is fuzz testing. However, traditional fuzzers can only find bugs when program exceptions, especially crashes, raised. Some security threats may pass these tests due to insufficient code coverage. In this paper, we introduce a software testing framework based on symbolic execution using S2E, a whole system symbolic execution engine. When a program executes our pre-defined security sensitive functions, such as malloc, strcpy or printf, our framework will initiate a triage process. The process will determine whether any related security vulnerabilities would possibly occur in these functions automatically. We successfully and efficiently reproduce 12 previously known vulnerabilities from normal input data within 100 seconds for large applications such as Tiff, VIM, and MPlayer. Our tool can help developers locate bugs faster, and improve the efficiency of software quality maintenance.

Original language	English
Title of host publication	Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015
Editors	Gang Huang, Jingwei Yang, Sheikh Iqbal Ahamed, Pao-Ann Hsiung, Carl K. Chang, William Chu, Ivica Crnkovic
Publisher	IEEE Computer Society
Pages	460-471
Number of pages	12
ISBN (Electronic)	9781467365635
DOIs	https://doi.org/10.1109/COMPSAC.2015.99
State	Published - 21 Sep 2015
Event	39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015 - Taichung, Taiwan Duration: 1 Jul 2015 → 5 Jul 2015

Publication series

Name	Proceedings - International Computer Software and Applications Conference
Volume	2
ISSN (Print)	0730-3157

Conference

Conference	39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015
Country/Territory	Taiwan
City	Taichung
Period	1/07/15 → 5/07/15

Keywords

Fuzz testing
Software testing
Symbolic execution
Vulnerability

Access to Document

10.1109/COMPSAC.2015.99

Cite this

Yeh, C. C., Chung, H., & Huang, S-K. (2015). CRAXfuzz: Target-Aware Symbolic Fuzz Testing. In G. Huang, J. Yang, S. I. Ahamed, P-A. Hsiung, C. K. Chang, W. Chu, & I. Crnkovic (Eds.), Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015 (pp. 460-471). [7273654] (Proceedings - International Computer Software and Applications Conference; Vol. 2). IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2015.99

Yeh, Chao Chun ; Chung, Hsiang ; Huang, Shih-Kun. / CRAXfuzz : Target-Aware Symbolic Fuzz Testing. Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015. editor / Gang Huang ; Jingwei Yang ; Sheikh Iqbal Ahamed ; Pao-Ann Hsiung ; Carl K. Chang ; William Chu ; Ivica Crnkovic. IEEE Computer Society, 2015. pp. 460-471 (Proceedings - International Computer Software and Applications Conference).

@inproceedings{7a91f124fd7c411690d36ef74bc5950e,

title = "CRAXfuzz: Target-Aware Symbolic Fuzz Testing",

abstract = "Vulnerabilities are caused by implementation bugs, such as buffer overflow, integer overflow, uncontrolled format strings, and command injection flaws. They are often exploited to intrude software systems. In order to reduce software bugs, testing techniques are proposed. The recent technique to discover security-related bugs is fuzz testing. However, traditional fuzzers can only find bugs when program exceptions, especially crashes, raised. Some security threats may pass these tests due to insufficient code coverage. In this paper, we introduce a software testing framework based on symbolic execution using S2E, a whole system symbolic execution engine. When a program executes our pre-defined security sensitive functions, such as malloc, strcpy or printf, our framework will initiate a triage process. The process will determine whether any related security vulnerabilities would possibly occur in these functions automatically. We successfully and efficiently reproduce 12 previously known vulnerabilities from normal input data within 100 seconds for large applications such as Tiff, VIM, and MPlayer. Our tool can help developers locate bugs faster, and improve the efficiency of software quality maintenance.",

keywords = "Fuzz testing, Software testing, Symbolic execution, Vulnerability",

author = "Yeh, {Chao Chun} and Hsiang Chung and Shih-Kun Huang",

year = "2015",

month = sep,

day = "21",

doi = "10.1109/COMPSAC.2015.99",

language = "English",

series = "Proceedings - International Computer Software and Applications Conference",

publisher = "IEEE Computer Society",

pages = "460--471",

editor = "Gang Huang and Jingwei Yang and Ahamed, {Sheikh Iqbal} and Pao-Ann Hsiung and Chang, {Carl K.} and William Chu and Ivica Crnkovic",

booktitle = "Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015",

address = "United States",

note = "39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015 ; Conference date: 01-07-2015 Through 05-07-2015",

}

Yeh, CC, Chung, H & Huang, S-K 2015, CRAXfuzz: Target-Aware Symbolic Fuzz Testing. in G Huang, J Yang, SI Ahamed, P-A Hsiung, CK Chang, W Chu & I Crnkovic (eds), Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015., 7273654, Proceedings - International Computer Software and Applications Conference, vol. 2, IEEE Computer Society, pp. 460-471, 39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015, Taichung, Taiwan, 1/07/15. https://doi.org/10.1109/COMPSAC.2015.99

CRAXfuzz: Target-Aware Symbolic Fuzz Testing. / Yeh, Chao Chun; Chung, Hsiang; Huang, Shih-Kun.
Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015. ed. / Gang Huang; Jingwei Yang; Sheikh Iqbal Ahamed; Pao-Ann Hsiung; Carl K. Chang; William Chu; Ivica Crnkovic. IEEE Computer Society, 2015. p. 460-471 7273654 (Proceedings - International Computer Software and Applications Conference; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - CRAXfuzz

T2 - 39th IEEE Annual Computer Software and Applications Conference, COMPSAC 2015

AU - Yeh, Chao Chun

AU - Chung, Hsiang

AU - Huang, Shih-Kun

PY - 2015/9/21

Y1 - 2015/9/21

N2 - Vulnerabilities are caused by implementation bugs, such as buffer overflow, integer overflow, uncontrolled format strings, and command injection flaws. They are often exploited to intrude software systems. In order to reduce software bugs, testing techniques are proposed. The recent technique to discover security-related bugs is fuzz testing. However, traditional fuzzers can only find bugs when program exceptions, especially crashes, raised. Some security threats may pass these tests due to insufficient code coverage. In this paper, we introduce a software testing framework based on symbolic execution using S2E, a whole system symbolic execution engine. When a program executes our pre-defined security sensitive functions, such as malloc, strcpy or printf, our framework will initiate a triage process. The process will determine whether any related security vulnerabilities would possibly occur in these functions automatically. We successfully and efficiently reproduce 12 previously known vulnerabilities from normal input data within 100 seconds for large applications such as Tiff, VIM, and MPlayer. Our tool can help developers locate bugs faster, and improve the efficiency of software quality maintenance.

AB - Vulnerabilities are caused by implementation bugs, such as buffer overflow, integer overflow, uncontrolled format strings, and command injection flaws. They are often exploited to intrude software systems. In order to reduce software bugs, testing techniques are proposed. The recent technique to discover security-related bugs is fuzz testing. However, traditional fuzzers can only find bugs when program exceptions, especially crashes, raised. Some security threats may pass these tests due to insufficient code coverage. In this paper, we introduce a software testing framework based on symbolic execution using S2E, a whole system symbolic execution engine. When a program executes our pre-defined security sensitive functions, such as malloc, strcpy or printf, our framework will initiate a triage process. The process will determine whether any related security vulnerabilities would possibly occur in these functions automatically. We successfully and efficiently reproduce 12 previously known vulnerabilities from normal input data within 100 seconds for large applications such as Tiff, VIM, and MPlayer. Our tool can help developers locate bugs faster, and improve the efficiency of software quality maintenance.

KW - Fuzz testing

KW - Software testing

KW - Symbolic execution

KW - Vulnerability

UR - http://www.scopus.com/inward/record.url?scp=84962148490&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2015.99

DO - 10.1109/COMPSAC.2015.99

M3 - Conference contribution

AN - SCOPUS:84962148490

T3 - Proceedings - International Computer Software and Applications Conference

SP - 460

EP - 471

BT - Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015

A2 - Huang, Gang

A2 - Yang, Jingwei

A2 - Ahamed, Sheikh Iqbal

A2 - Hsiung, Pao-Ann

A2 - Chang, Carl K.

A2 - Chu, William

A2 - Crnkovic, Ivica

PB - IEEE Computer Society

Y2 - 1 July 2015 through 5 July 2015

ER -

Yeh CC, Chung H, Huang S-K. CRAXfuzz: Target-Aware Symbolic Fuzz Testing. In Huang G, Yang J, Ahamed SI, Hsiung P-A, Chang CK, Chu W, Crnkovic I, editors, Proceedings - 2015 IEEE 39th Annual Computer Software and Applications Conference, COMPSAC 2015. IEEE Computer Society. 2015. p. 460-471. 7273654. (Proceedings - International Computer Software and Applications Conference). doi: 10.1109/COMPSAC.2015.99

CRAXfuzz: Target-Aware Symbolic Fuzz Testing

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this