Vulnerable Region-Aware Greybox Fuzzing

Abstract: Fuzzing is known to be one of the most effective techniques to uncover security vulnerabilities of large-scale software systems. During fuzzing, it is crucial to distribute the fuzzing resource appropriately so as to achieve the best fuzzing performance under a limited budget. Existing distribution strategies of American Fuzzy Lop (AFL) based greybox fuzzing focus on increasing coverage blindly without considering the metrics of code regions, thus lacking the insight regarding which region is more likely to be vulnerable and deserves more fuzzing resources. We tackle the above drawback by proposing a vulnerable region-aware greybox fuzzing approach. Specifically, we distribute more fuzzing resources towards regions that are more likely to be vulnerable based on four kinds of code metrics. We implemented the approach as an extension to AFL named RegionFuzz. Large-scale experimental evaluations validate the effectiveness and efficiency of RegionFuzz: 11 new bugs, including three new CVEs, are successfully uncovered by RegionFuzz.
Source: Journal of Computer Science & Technology (indexed in SCIE, EI, CSCD), 2021, Issue 5, pp. 1212-1228 (17 pages). Chinese journal title: 计算机科学技术学报(英文版).
Funding: partially supported by the National Key Research and Development Program of China under Grant No. 2017YFA0700604, the National Natural Science Foundation of China under Grant Nos. 62032010 and 61802168, the Leading-Edge Technology Program of Jiangsu Natural Science Foundation under Grant No. BK20202001, and the 2021 Double Entrepreneurship Big Data and Theoretical Research Project of Nanjing University.