WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats
Fuzzing technologies have evolved at a fast pace in recent years, revealing bugs in programs with ever increasing depth and speed. Applications working with complex formats are however more difficult to take on, as inputs need to meet certain format-specific characteristics to get through the initial parsing stage and reach deeper behaviors of the program.
Unlike prior proposals based on manually written format specifications, we propose a technique to automatically generate and mutate inputs for unknown chunk-based binary formats. We identify dependencies between input bytes and comparison instructions, and use them to assign tags that characterize the processing logic of the program. Tags become the building block for structure-aware mutations involving chunks and fields of the input.
Our technique can perform comparably to structure-aware fuzzing proposals that require human assistance. Our prototype implementation WEIZZ revealed 16 unknown bugs in widely used programs.
Mon 20 JulDisplayed time zone: Tijuana, Baja California change
10:50 - 11:50
|WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats|
Andrea Fioraldi Sapienza University Rome, Daniele Cono D'Elia Sapienza University of Rome, Emilio Coppa Sapienza University of Rome, ItalyDOI Pre-print Media Attached
|Active Fuzzing for Testing and Securing Cyber-Physical Systems|
Yuqi Chen Singapore Management University, Bohan Xuan , Chris Poskitt Singapore Management University, Jun Sun Singapore Management University, Fan ZhangDOI Pre-print Media Attached
|Learning Input Tokens for Effective Fuzzing|
Björn Mathis CISPA Helmholtz Center for Information Security, Rahul Gopinath CISPA Helmholtz Center for Information Security, Andreas Zeller CISPA Helmholtz Center for Information SecurityLink to publication DOI