Taint-based Directed Whitebox Fuzzing
Name
Ganesh-2009-Taint-based directed whitebox fuzzing.pdf
Size
171.3 KB
Format
Adobe PDF
Checksum (MD5)
6a142d4f053823aab21cf0e071bd470c
Author(s) • •
Rinard, Martin C.
Ganesh, Vijay
Leek, Tim
Date Issued
June 2009
Journal
IEEE 31st International Conference on Software Engineering, 2009. ICSE 2009
Publisher
Institute of Electrical and Electronics Engineers
Citation
Ganesh, V., T. Leek, and M. Rinard. “Taint-based directed whitebox fuzzing.” Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on. 2009. 474-484. ©2009 Institute of Electrical and Electronics Engineers.
Version
Final published version
Abstract
We present a new automated white box fuzzing technique and a tool, BuzzFuzz, that implements this technique. Unlike standard fuzzing techniques, which randomly change parts of the input file with little or no information about the underlying syntactic structure of the file, BuzzFuzz uses dynamic taint tracing to automatically locate regions of original seed input files that influence values used at key program attack points (points where the program may contain an error). BuzzFuzz then automatically generates new fuzzed test input files by fuzzing these identified regions of the original seed input files. Because these new test files typically preserve the underlying syntactic structure of the original seed input files, they tend to make it past the initial input parsing components to exercise code deep within the semantic core of the computation. We have used BuzzFuzz to automatically find errors in two open-source applications: Swfdec (an Adobe Flash player) and MuPDF (a PDF viewer). Our results indicate that our new directed fuzzing technique can effectively expose errors located deep within large programs. Because the directed fuzzing technique uses taint to automatically discover and exploit information about the input file format, it is especially appropriate for testing programs that have complex, highly structured input file formats.
MIT Department
Lincoln Laboratory
Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Terms of Use
Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use.
Persistent DSpace Link
DOI of Published Version
http://dx.doi.org/10.1109/ICSE.2009.5070546