Coverage-based Greybox Fuzzing with Pointer Monitoring for C Programs (ASE 2022 - Doctoral Symposium)

Write a Blog >>

Mon 10 - Fri 14 October 2022 Oakland Center, Michigan, United States

Who

Haibo Chen, Jinfu Chen

Track

ASE 2022 Doctoral Symposium

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Mon 10 Oct 2022 10:00 - 10:30 at Gold B - Poster Session

Abstract

C has been regarded as a dominant programming language for system software implementation. Meanwhile, it often suffers from various memory vulnerabilities due to its low-level memory control. Quite massive approaches are proposed to enhance memory security, among which Coverage-based Greybox Fuzzing (CGF) is considered to be effective because of its practicality and satisfactory vulnerability detection ability. However, CGF identifies vulnerability based on the verification of detected crashes, thus cannot detect vulnerabilities with non-crash. In this paper, we consider to trace pointer metadata (status, bounds and referents) to detect more various vulnerabilities. Additionally, since pointers in C are often directly related to memory operations, we design two standards to further use pointer metadata as the guidance of CGF, make fuzzing process target to the vulnerable part of programs.

Haibo Chen

School of Computer Science and Communication Engineering, Jiangsu University

Jinfu Chen

Jiangsu University