Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling
Coverage-guided fuzzing is one of the most popular software testing techniques for vulnerability detection. While effective, current fuzzing methods suffer from significant performance penalty due to instrumentation overhead, which limits its practical use. Existing solutions improve the fuzzing speed by decreasing instrumentation overheads but sacrificing coverage accuracy, which results in unstable performance of vulnerability detection.
In this paper, we propose a coverage-sensitive tracing and scheduling framework Zeror that can improve the performance of existing fuzzers, especially in their speed and vulnerability detection. The Zeror is mainly made up of two parts: (1) a self-modifying tracing mechanism to provide a zero-overhead instrumentation for more effective coverage collection, and (2) a real-time scheduling mechanism to support adaptive switch between the zero-overhead instrumented binary and the fully instrumented binary for better vulnerability detection. In this way, Zeror is able to decrease collection overhead and preserve fine-grained coverage for guidance.
For evaluation, we implement a prototype of Zeror and evaluate it on Google fuzzer-test-suite, which consists of 24 widely-used applications. The results show that Zeror performs better than existing fuzzing speed-up frameworks such as Untracer and INSTRIM, improves the execution speed of the state-of-the-art fuzzers such as AFL and MOPT by 159.80%, helps them achieve better coverage (averagely 10.14% for AFL, 6.91% for MOPT) and detect vulnerabilities faster (averagely 29.00% for AFL, 46.99% for MOPT).
Thu 24 Sep Times are displayed in time zone: (UTC) Coordinated Universal Time change
|01:10 - 01:30|
|Multiplex Symbolic Execution: Exploring Multiple Paths by Solving Once|
Yufeng ZhangCollege of Information Science and Engineering, Hunan University, Zhenbang ChenCollege of Computer, National University of Defense Technology, Changsha, PR China, Ziqi ShuaiNational University of Defense Technology, Tianqi ZhangNational University of Defense Technology, Kenli LiCollege of Information Science and Engineering, National Supercomputing Center in Changsha, Hunan University, Ji WangNational University of Defense TechnologyPre-print
|01:30 - 01:50|
|Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling|
|01:50 - 02:00|
|SRRTA: Regression Testing Acceleration via State Reuse|