Tang Chenghua, Cai Weijia, Yang Mengmeng, Qiang Baohua. CBFuzzer: Fuzzy Detection of Program Defects Based on Execution Context Orientation and Protection Breakthrough[J]. Journal of Computer Research and Development, 2025, 62(3): 790-807. DOI: 10.7544/issn1000-1239.202330755

CBFuzzer: Fuzzy Detection of Program Defects Based on Execution Context Orientation and Protection Breakthrough

Funds: This work was supported by the National Natural Science Foundation of China (62062028, 62262006), the Guangxi Natural Science Foundation of China (2018GXNSFAA294058), the Project of Guangxi Key Laboratory of Trusted Software (KX202320), and the Innovation Project of Guangxi Graduate Education (YCSW2023295).
  • Author Bio:

    Tang Chenghua: born in 1974. PhD, professor. Member of CCF. His main research interests include network information security, software code audit, and security policy analysis.

    Cai Weijia: born in 1997. Master. His main research interests include network information security and code analysis.

    Yang Mengmeng: born in 1988. PhD. Her main research interests include network information security, privacy preserving, and data mining.

    Qiang Baohua: born in 1972. PhD, professor, PhD supervisor. Member of CCF. His main research interests include detection and analysis of network behavior, and data mining.

  • Received Date: September 19, 2023
  • Revised Date: April 28, 2024
  • Accepted Date: May 23, 2024
  • Available Online: June 30, 2024
  • Abstract: A large number of application practices have proven the effectiveness of fuzz testing for detecting program vulnerabilities. Existing fuzz testing methods neither analyze the task-specific differences in performance nor adjust their testing policies accordingly; instead, they mostly adopt a unified process, which leads to unsatisfactory testing results. To achieve better testing performance, the policy needs to be modified on the basis of specific information gathered during the testing process. To this end, a new fuzz testing method for program defects based on execution context orientation is proposed, which can break through protection mechanisms. By capturing and analyzing specific contextual information while the tested program actually processes the input test cases, and by rapidly exploring the program's structural features, the sample mutation policy can be optimized. Meanwhile, a prototype tool, CBFuzzer, for execution-context-oriented fuzz detection of program defects is implemented. The experimental results indicate that CBFuzzer can effectively explore the internal structure of programs (including breaking through protection mechanisms), simulate unconventional program state transitions, and expose vulnerability points more efficiently. In comparison, CBFuzzer shows improvements ranging from 6.8% to 36.76% in vulnerability exposure, with the number of actual vulnerabilities detected increasing by up to 66.67%. With a small, acceptable amount of additional testing resources, CBFuzzer not only achieves improved detection performance for regular types of vulnerabilities but also exhibits a higher detection capability for vulnerabilities with strong concealment. As of August 10, 2023, a total of 126 new vulnerabilities had been identified by applying CBFuzzer in 13 testing tasks (reported to the related software developers and submitted to the CVE® organization).
