AugPersist:自动增强持久性软件基于覆盖范围的灰盒模糊测试的持久性

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2024-09-07 DOI:10.1016/j.cose.2024.104099
Chiheng Wang, Jianshan Peng, Junhu Zhu, Qingxian Wang
{"title":"AugPersist:自动增强持久性软件基于覆盖范围的灰盒模糊测试的持久性","authors":"Chiheng Wang,&nbsp;Jianshan Peng,&nbsp;Junhu Zhu,&nbsp;Qingxian Wang","doi":"10.1016/j.cose.2024.104099","DOIUrl":null,"url":null,"abstract":"<div><p>Fuzzing is one of the most successful approaches for verifying software functionalities and discovering security vulnerabilities. However, the software with persistent runtime characteristics (e.g., web service programs) cannot be effectively tested by current coverage-based greybox (CG) fuzzers, which strictly rely on the termination state of the target software to feed test cases synchronously and obtain code coverage. The present approach requires delicate analysis and modification of the target to eliminate its persistence, but leads to excessive non-essential restarts during testing, resulting in low throughput.</p><p>To improve the convenience and efficiency of CG fuzzing for persistent software, we propose augmenting persistence (AugPersist) as a complementary method. AugPersist introduces the concept of persistent basic block (PBB) to leverage the inherent code features of persistent software. PBB can be found automatically and quickly before fuzzing based on the execution flow graph (EFG). On this basis, we develop a low- delay synchronous communication so that after regular test cases are fed into the target, the fuzzer can derive code coverage without rebooting the target, thus significantly minimizing extraneous restarts. Additionally, by utilizing the self-adaptive forkserver, we can dynamically adjust the re-execution point of the target to the PBB position, which further minimizes losses when test cases trigger exceptions and cause necessary restarts.</p><p>To show the potential of augmenting persistence, we create two implementations, AFL-AugPersist and AFLNet-AugPersist, using AFL and AFLNet as baselines. We evaluate both with their respective baselines on different benchmarks. AFL-AugPersist makes stateless persistent software easier to be fuzzed than AFL and provides 4.9 × to 71.1 × throughput improvement compared to AFL. The throughput of AFLNet-AugPersist improves by a maximum of 210.0 × and a minimum of 3.3 × compared to AFLNet. These results show that AugPersist significantly contributes to the convenience and efficiency of CG fuzzing on persistent software.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104099"},"PeriodicalIF":4.8000,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"AugPersist: Automatically augmenting the persistence of coverage-based greybox fuzzing for persistent software\",\"authors\":\"Chiheng Wang,&nbsp;Jianshan Peng,&nbsp;Junhu Zhu,&nbsp;Qingxian Wang\",\"doi\":\"10.1016/j.cose.2024.104099\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Fuzzing is one of the most successful approaches for verifying software functionalities and discovering security vulnerabilities. However, the software with persistent runtime characteristics (e.g., web service programs) cannot be effectively tested by current coverage-based greybox (CG) fuzzers, which strictly rely on the termination state of the target software to feed test cases synchronously and obtain code coverage. The present approach requires delicate analysis and modification of the target to eliminate its persistence, but leads to excessive non-essential restarts during testing, resulting in low throughput.</p><p>To improve the convenience and efficiency of CG fuzzing for persistent software, we propose augmenting persistence (AugPersist) as a complementary method. AugPersist introduces the concept of persistent basic block (PBB) to leverage the inherent code features of persistent software. PBB can be found automatically and quickly before fuzzing based on the execution flow graph (EFG). On this basis, we develop a low- delay synchronous communication so that after regular test cases are fed into the target, the fuzzer can derive code coverage without rebooting the target, thus significantly minimizing extraneous restarts. Additionally, by utilizing the self-adaptive forkserver, we can dynamically adjust the re-execution point of the target to the PBB position, which further minimizes losses when test cases trigger exceptions and cause necessary restarts.</p><p>To show the potential of augmenting persistence, we create two implementations, AFL-AugPersist and AFLNet-AugPersist, using AFL and AFLNet as baselines. We evaluate both with their respective baselines on different benchmarks. AFL-AugPersist makes stateless persistent software easier to be fuzzed than AFL and provides 4.9 × to 71.1 × throughput improvement compared to AFL. The throughput of AFLNet-AugPersist improves by a maximum of 210.0 × and a minimum of 3.3 × compared to AFLNet. These results show that AugPersist significantly contributes to the convenience and efficiency of CG fuzzing on persistent software.</p></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"148 \",\"pages\":\"Article 104099\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-09-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824004048\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004048","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

模糊测试是验证软件功能和发现安全漏洞的最成功方法之一。然而,目前基于覆盖率的灰盒(CG)模糊器无法对具有持久运行特性的软件(如网络服务程序)进行有效测试,这种模糊器严格依赖目标软件的终止状态来同步输入测试用例并获得代码覆盖率。目前的方法需要对目标软件进行细致的分析和修改,以消除其持久性,但会导致测试过程中过多的非必要重启,从而降低测试效率。为了提高持久性软件的 CG 模糊测试的便利性和效率,我们提出了增强持久性(AugPersist)作为补充方法。AugPersist 引入了持久性基本块(PBB)的概念,以利用持久性软件固有的代码特性。在基于执行流图(EFG)进行模糊测试之前,可以自动快速地找到 PBB。在此基础上,我们开发了一种低延迟同步通信,这样在将常规测试用例输入目标机后,模糊器无需重启目标机即可获得代码覆盖率,从而大大减少了无关的重启。此外,通过利用自适应分叉服务器,我们可以将目标的重新执行点动态调整到 PBB 位置,从而进一步减少测试用例触发异常并导致必要重启时的损失。我们在不同的基准测试中对这两种实现与各自的基准进行了评估。与 AFL 相比,AFL-AugPersist 使无状态持久性软件更容易被模糊,吞吐量提高了 4.9 倍到 71.1 倍。与 AFLNet 相比,AFLNet-AugPersist 的吞吐量最大提高 210.0 倍,最小提高 3.3 倍。这些结果表明,AugPersist 大大提高了对持久性软件进行 CG 模糊测试的便利性和效率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
AugPersist: Automatically augmenting the persistence of coverage-based greybox fuzzing for persistent software

Fuzzing is one of the most successful approaches for verifying software functionalities and discovering security vulnerabilities. However, the software with persistent runtime characteristics (e.g., web service programs) cannot be effectively tested by current coverage-based greybox (CG) fuzzers, which strictly rely on the termination state of the target software to feed test cases synchronously and obtain code coverage. The present approach requires delicate analysis and modification of the target to eliminate its persistence, but leads to excessive non-essential restarts during testing, resulting in low throughput.

To improve the convenience and efficiency of CG fuzzing for persistent software, we propose augmenting persistence (AugPersist) as a complementary method. AugPersist introduces the concept of persistent basic block (PBB) to leverage the inherent code features of persistent software. PBB can be found automatically and quickly before fuzzing based on the execution flow graph (EFG). On this basis, we develop a low- delay synchronous communication so that after regular test cases are fed into the target, the fuzzer can derive code coverage without rebooting the target, thus significantly minimizing extraneous restarts. Additionally, by utilizing the self-adaptive forkserver, we can dynamically adjust the re-execution point of the target to the PBB position, which further minimizes losses when test cases trigger exceptions and cause necessary restarts.

To show the potential of augmenting persistence, we create two implementations, AFL-AugPersist and AFLNet-AugPersist, using AFL and AFLNet as baselines. We evaluate both with their respective baselines on different benchmarks. AFL-AugPersist makes stateless persistent software easier to be fuzzed than AFL and provides 4.9 × to 71.1 × throughput improvement compared to AFL. The throughput of AFLNet-AugPersist improves by a maximum of 210.0 × and a minimum of 3.3 × compared to AFLNet. These results show that AugPersist significantly contributes to the convenience and efficiency of CG fuzzing on persistent software.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
期刊最新文献
Beyond the sandbox: Leveraging symbolic execution for evasive malware classification Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks PdGAT-ID: An intrusion detection method for industrial control systems based on periodic extraction and spatiotemporal graph attention Dynamic trigger-based attacks against next-generation IoT malware family classifiers Assessing cybersecurity awareness among bank employees: A multi-stage analytical approach using PLS-SEM, ANN, and fsQCA in a developing country context
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1