DFL: A DOM sample generation oriented fuzzing framework for browser rendering engines

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Information and Software Technology Pub Date : 2024-10-01 DOI:10.1016/j.infsof.2024.107591
Guoyun Duan , Hai Zhao , Minjie Cai , Jianhua Sun , Hao Chen
{"title":"DFL: A DOM sample generation oriented fuzzing framework for browser rendering engines","authors":"Guoyun Duan ,&nbsp;Hai Zhao ,&nbsp;Minjie Cai ,&nbsp;Jianhua Sun ,&nbsp;Hao Chen","doi":"10.1016/j.infsof.2024.107591","DOIUrl":null,"url":null,"abstract":"<div><div>The security of web browsers, being fundamental to Internet access infrastructure, has garnered significant attention. Current approaches to identify browser vulnerabilities predominantly rely on code auditing and componentized unit testing. Fuzzing has emerged as an efficient technique for vulnerability discovery. However, adapting this method to browser security testing poses considerable challenges. Recent endeavors in browser vulnerability discovery primarily concentrate on the parsing engine, with limited solutions addressing the rendering engine. Moreover, coverage-guided mutation, a critical aspect, is not prevalent in existing fuzzing frameworks. In this paper, we present a coverage-guided fuzzing framework of DFL, which builds on Freedom and AFL to re-engineer various text generators based on DOM syntax and optimize the efficiency of sample generation. Additionally, serialization and deserialisation methods are developed for the implementation of generator text mutations and the seamless conversion between binary samples and the source DOM tree. When compared with three established DOM fuzzing frameworks in the latest Chromium kernel, DFL has demonstrated an ability to uncover 1.5–3 times more vulnerabilities within a short timeframe. Our research identifies potential avenues for further exploration in browser rendering engine security, specifically focusing on sample generation and path direction.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107591"},"PeriodicalIF":3.8000,"publicationDate":"2024-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Software Technology","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950584924001964","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The security of web browsers, being fundamental to Internet access infrastructure, has garnered significant attention. Current approaches to identify browser vulnerabilities predominantly rely on code auditing and componentized unit testing. Fuzzing has emerged as an efficient technique for vulnerability discovery. However, adapting this method to browser security testing poses considerable challenges. Recent endeavors in browser vulnerability discovery primarily concentrate on the parsing engine, with limited solutions addressing the rendering engine. Moreover, coverage-guided mutation, a critical aspect, is not prevalent in existing fuzzing frameworks. In this paper, we present a coverage-guided fuzzing framework of DFL, which builds on Freedom and AFL to re-engineer various text generators based on DOM syntax and optimize the efficiency of sample generation. Additionally, serialization and deserialisation methods are developed for the implementation of generator text mutations and the seamless conversion between binary samples and the source DOM tree. When compared with three established DOM fuzzing frameworks in the latest Chromium kernel, DFL has demonstrated an ability to uncover 1.5–3 times more vulnerabilities within a short timeframe. Our research identifies potential avenues for further exploration in browser rendering engine security, specifically focusing on sample generation and path direction.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
DFL:面向浏览器渲染引擎的 DOM 样本生成模糊测试框架
网络浏览器是互联网访问基础设施的基础,其安全性备受关注。目前识别浏览器漏洞的方法主要依赖于代码审计和组件化单元测试。模糊测试(Fuzzing)已成为发现漏洞的一种有效技术。然而,将这种方法应用于浏览器安全测试却面临着相当大的挑战。最近在浏览器漏洞发现方面所做的努力主要集中在解析引擎上,针对渲染引擎的解决方案非常有限。此外,覆盖引导突变是一个关键方面,但在现有的模糊框架中并不普遍。在本文中,我们介绍了 DFL 的覆盖引导模糊框架,该框架以 Freedom 和 AFL 为基础,根据 DOM 语法重新设计了各种文本生成器,并优化了样本生成的效率。此外,还开发了序列化和反序列化方法,用于实现生成器文本突变以及二进制样本与源 DOM 树之间的无缝转换。在最新的 Chromium 内核中,与三个成熟的 DOM 模糊框架相比,DFL 在短时间内发现的漏洞要多出 1.5-3 倍。我们的研究确定了进一步探索浏览器渲染引擎安全性的潜在途径,特别是侧重于样本生成和路径方向。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Information and Software Technology
Information and Software Technology 工程技术-计算机:软件工程
CiteScore
9.10
自引率
7.70%
发文量
164
审稿时长
9.6 weeks
期刊介绍: Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal''s scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include: • Software management, quality and metrics, • Software processes, • Software architecture, modelling, specification, design and programming • Functional and non-functional software requirements • Software testing and verification & validation • Empirical studies of all aspects of engineering and managing software development Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premiere outlet for systematic literature studies in software engineering.
期刊最新文献
A software product line approach for developing hybrid software systems Evaluating the understandability and user acceptance of Attack-Defense Trees: Original experiment and replication On the road to interactive LLM-based systematic mapping studies Top-down: A better strategy for incremental covering array generation Editorial Board
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1