WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats (ISSTA 2020 - Technical Papers)

Who

Andrea Fioraldi, Daniele Cono D'Elia, Emilio Coppa

Track

ISSTA 2020 Technical Papers

Time Zone

The program is currently displayed in (GMT-07:00) Tijuana, Baja California.

Use conference time zone: (GMT-07:00) Tijuana, Baja CaliforniaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Mon 20 Jul 2020 10:50 - 11:10 at Zoom - FUZZING Chair(s): Rody Kersten

Abstract

Fuzzing technologies have evolved at a fast pace in recent years, revealing bugs in programs with ever increasing depth and speed. Applications working with complex formats are however more difficult to take on, as inputs need to meet certain format-specific characteristics to get through the initial parsing stage and reach deeper behaviors of the program.

Unlike prior proposals based on manually written format specifications, we propose a technique to automatically generate and mutate inputs for unknown chunk-based binary formats. We identify dependencies between input bytes and comparison instructions, and use them to assign tags that characterize the processing logic of the program. Tags become the building block for structure-aware mutations involving chunks and fields of the input.

Our technique can perform comparably to structure-aware fuzzing proposals that require human assistance. Our prototype implementation WEIZZ revealed 16 unknown bugs in widely used programs.

Link to Preprint

https://andreafioraldi.github.io/assets/weizz-issta2020.pdf

DOI

https://doi.org/10.1145/3395363.3397372

Andrea Fioraldi

Sapienza University Rome

Italy

Daniele Cono D'Elia

Sapienza University of Rome

Italy

Emilio Coppa

Sapienza University of Rome, Italy

Italy

Video

Time Zone

The program is currently displayed in (GMT-07:00) Tijuana, Baja California.

Use conference time zone: (GMT-07:00) Tijuana, Baja CaliforniaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Mon 20 Jul
Displayed time zone: Tijuana, Baja California change

10:50 - 11:50	FUZZINGTechnical Papers at Zoom Chair(s): Rody Kersten Synopsys, Inc. Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

10:50 20m Talk		WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats Technical Papers Andrea Fioraldi Sapienza University Rome, Daniele Cono D'Elia Sapienza University of Rome, Emilio Coppa Sapienza University of Rome, Italy DOI Pre-print Media Attached
11:10 20m Talk		Active Fuzzing for Testing and Securing Cyber-Physical Systems Technical Papers Yuqi Chen Singapore Management University, Bohan Xuan , Chris Poskitt Singapore Management University, Jun Sun Singapore Management University, Fan Zhang DOI Pre-print Media Attached
11:30 20m Talk		Learning Input Tokens for Effective Fuzzing Technical Papers Björn Mathis CISPA Helmholtz Center for Information Security, Rahul Gopinath CISPA Helmholtz Center for Information Security, Andreas Zeller CISPA Helmholtz Center for Information Security Link to publication DOI