Citation: Tang Chenghua, Cai Weijia, Yang Mengmeng, Qiang Baohua. CBFuzzer: Fuzzy Detection of Program Defects Based on Execution Context Orientation and Protection Breakthrough[J]. Journal of Computer Research and Development, 2025, 62(3): 790-807. DOI: 10.7544/issn1000-1239.202330755
Extensive practical application has demonstrated the effectiveness of fuzz testing for detecting program vulnerabilities. Existing fuzzing methods, however, do not analyze the performance differences specific to individual testing tasks or adjust their testing policies accordingly; most instead follow a single uniform process, which leads to unsatisfactory testing results. Better testing performance requires modifying the policy on the basis of concrete information gathered during the testing process. This paper therefore proposes a new execution-context-oriented fuzzing method for program defects that is able to break through protection mechanisms. By capturing and analyzing specific contextual information while the program under test actually processes the input test cases, and by rapidly exploring the structural features of the program, the method optimizes the sample mutation policy. A prototype tool, CBFuzzer, implementing execution-context-oriented fuzz detection of program defects is also built. Experimental results indicate that CBFuzzer can effectively explore the internal structure of programs (including breaking through protection mechanisms), simulate unconventional program state transitions, and expose vulnerability points more efficiently. In the comparative experiments, CBFuzzer improves vulnerability exposure by 6.8% to 36.76%, with the number of actual vulnerabilities detected increasing by up to 66.67%. At the cost of a small and acceptable amount of additional testing resources, CBFuzzer not only improves detection of regular vulnerability types but also shows stronger detection capability for highly concealed vulnerabilities. As of August 10, 2023, a total of 126 new vulnerabilities had been identified using CBFuzzer across 13 testing tasks (reported to the relevant software developers and submitted to the CVE® organization).