Parallel fuzzing, which uses multicore machines to accelerate the fuzzing process, has been widely adopted in industrial-scale software defect detection. However, specifying efficient parallel fuzzing strategies for programs with different characteristics is challenging, because the runtime behaviour of a fuzzing campaign is hard to reason about statically. Existing efforts still apply pre-defined tactics to all programs, resulting in suboptimal performance.
In this paper, we propose Kraken, a new program-adaptive parallel fuzzer that improves fuzzing efficiency through dynamic strategy optimization. The key insight is that inefficiency in parallel fuzzing can be observed at runtime through various forms of feedback, such as changes in code coverage, which allows us to adjust the adopted strategy to avoid inefficient path searching and thus gradually approximate the optimal policy. Based on this insight, our key idea is to view the task of finding the optimal strategy as an optimization problem and to approach the best program-specific strategy on the fly by maximizing certain objective functions. We have implemented Kraken in C/C++ and evaluated it on 19 real-world programs against 6 state-of-the-art parallel fuzzers. Experimental results show that Kraken achieves 54.7% more code coverage and finds 70.2% more bugs in the given time. Moreover, Kraken has found 192 bugs in 37 popular open-source projects, and 119 of them have been assigned CVE IDs.
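The abstract's central idea, choosing among fuzzing strategies as an online optimization problem driven by coverage feedback, can be illustrated with a small simulation. The following Python is an added example, not Kraken's code or its actual algorithm: it uses a UCB-style bandit with an exponential moving average of per-batch coverage gain to pick among three hypothetical mutation strategies ("havoc", "splice", "dict") on a constructed target whose edge reach and per-edge hit probabilities are invented numbers, and compares that adaptive schedule against a fixed round-robin schedule over the same batch budget.

```python
"""Toy illustration of program-adaptive strategy selection via coverage feedback.

Not Kraken's algorithm: a UCB-style bandit with an EMA yield estimate, run on a
constructed target. All strategy names, reaches and probabilities are invented.
"""
import math
import random


class SimulatedTarget:
    """Constructed stand-in for a fuzz target (an assumption, not a real program).

    Edges are numbered 0..n_edges-1. Each strategy can only reach a prefix of that
    range and hits each reachable, still-uncovered edge with a fixed per-batch
    probability, so strategies saturate at different rates."""

    def __init__(self, n_edges, reach, seed=7):
        self.n_edges = n_edges
        self.reach = reach          # strategy -> (reachable edge count, hit probability)
        self.covered = set()
        self.rng = random.Random(seed)

    def run_batch(self, strategy):
        """Run one batch of inputs from `strategy`; return the number of new edges."""
        reachable, p = self.reach[strategy]
        new = 0
        for edge in range(reachable):
            if edge not in self.covered and self.rng.random() < p:
                self.covered.add(edge)
                new += 1
        return new


class AdaptiveScheduler:
    """UCB-style selection over strategies.

    The per-strategy estimate is an exponential moving average of recent coverage
    gain, so a strategy that stops producing new edges loses its standing instead
    of living on its early successes (the yield is non-stationary)."""

    def __init__(self, strategies, alpha=0.3, explore=1.0):
        self.strategies = list(strategies)
        self.alpha = alpha
        self.explore = explore
        self.pulls = {s: 0 for s in self.strategies}
        self.yield_ema = {s: 0.0 for s in self.strategies}
        self.t = 0

    def choose(self):
        self.t += 1
        for s in self.strategies:       # try every strategy once before ranking
            if self.pulls[s] == 0:
                return s

        def score(s):
            bonus = self.explore * math.sqrt(2 * math.log(self.t) / self.pulls[s])
            return self.yield_ema[s] + bonus

        return max(self.strategies, key=score)

    def observe(self, strategy, new_edges):
        if self.pulls[strategy] == 0:
            self.yield_ema[strategy] = float(new_edges)
        else:
            a = self.alpha
            self.yield_ema[strategy] = (1 - a) * self.yield_ema[strategy] + a * new_edges
        self.pulls[strategy] += 1


# Hypothetical strategies: (reachable edges, per-edge hit probability per batch).
STRATEGIES = {
    "havoc": (1000, 0.02),   # broad reach, low per-edge rate
    "splice": (300, 0.05),   # medium reach
    "dict": (100, 0.10),     # narrow reach, high per-edge rate, saturates quickly
}


def run_adaptive(n_batches=300, seed=7):
    """Let the bandit pick the strategy each batch; return (edges covered, pull counts)."""
    target = SimulatedTarget(1000, STRATEGIES, seed)
    sched = AdaptiveScheduler(STRATEGIES)
    for _ in range(n_batches):
        s = sched.choose()
        sched.observe(s, target.run_batch(s))
    return len(target.covered), dict(sched.pulls)


def run_round_robin(n_batches=300, seed=7):
    """Fixed, program-agnostic policy: cycle through the strategies in order."""
    target = SimulatedTarget(1000, STRATEGIES, seed)
    names = list(STRATEGIES)
    for i in range(n_batches):
        target.run_batch(names[i % len(names)])
    return len(target.covered)


if __name__ == "__main__":
    covered, pulls = run_adaptive()
    print("adaptive:   ", covered, "edges, pulls =", pulls)
    print("round-robin:", run_round_robin(), "edges")
```

The round-robin policy spends a third of its budget on each strategy regardless of what the coverage map says; the adaptive scheduler notices that the narrow strategies stop yielding new edges and shifts its budget to the one that still does, which is the behaviour the abstract describes as avoiding inefficient path searching at runtime.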
Wed 25 Jun. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
Session 16:00 - 17:15

16:00 (25 min, Talk): xFUZZ: A Flexible Framework for Fine-Grained, Runtime-Adaptive Fuzzing Strategy Composition. Research Papers. DongSong Yu (Zhongguancun Laboratory), Yiyi Wang (Tsinghua University, Huazhong University of Science and Technology), Chao Zhang (Tsinghua University), Yang Lan, Zhiyuan Jiang (National University of Defense Technology), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Zheyu Ma (Tsinghua University), Wende Tan (Tsinghua University). DOI

16:25 (25 min, Talk): KRAKEN: Program-Adaptive Parallel Fuzzing. Research Papers. Anshunkang Zhou (Hong Kong University of Science and Technology), Heqing Huang (City University of Hong Kong), Charles Zhang (Hong Kong University of Science and Technology). DOI, Pre-print

16:50 (25 min, Talk): Quantum Concolic Testing. Research Papers. Shangzhou Xia (Kyushu University), Jianjun Zhao (Kyushu University), Fuyuan Zhang (Kyushu University), Xiaoyu Guo (Kyushu University). DOI
Cosmos 3A is the first room in the Cosmos 3 wing.
When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.