In-Vivo Fuzz Testing for Network Services

Wen Yang Lai, Kun Che Tsai, Che Chen, Yu Sung Wu

研究成果: Conference contribution同行評審


Fuzz testing is typically carried out by running the target program and the fuzzing engine offline in a lab environment. The environment setup may depend on specialized test harness code to activate the target program and inject the test data. Also, due to the vast program state space, domain knowledge-dependent optimization is often needed in the environment setup to achieve reasonably efficient fuzz testing. We propose In-Vivo Fuzzing to alleviate the burdens by performing online fuzz testing on live programs. In-Vivo Fuzzing hooks I/O library calls in a live program to collect test seeds. Upon request, the In-Vivo Runtime will create a fork of the target program and carry out fuzz testing on the forked process. The runtime states from the live program provide a vantage point to start the fuzzing process, and the test seeds collected from the live workload also facilitate the generation of effective test inputs. We applied In-Vivo Fuzzing to network service programs and implemented a prototype on top of the AFL fuzzer. Experiment results indicate that In-Vivo Fuzzing can reach vulnerabilities in real-world programs much more quickly than the baseline. We also demonstrate the potential application of In-Vivo Fuzzing in detecting unknown attacks, where live attack states are captured and amplified through fuzz testing.

主出版物標題Proceedings - 41st International Symposium on Reliable Distributed Systems, SRDS 2022
發行者IEEE Computer Society
出版狀態Published - 2022
事件41st International Symposium on Reliable Distributed Systems, SRDS 2022 - Vienna, Austria
持續時間: 19 9月 202222 9月 2022


名字Proceedings of the IEEE Symposium on Reliable Distributed Systems


Conference41st International Symposium on Reliable Distributed Systems, SRDS 2022


深入研究「In-Vivo Fuzz Testing for Network Services」主題。共同形成了獨特的指紋。