Coverage-based greybox fuzzing (CGF) is one of the most successful approaches for automated vulnerability detection. Given a seed file (as a sequence of bits), a CGF randomly flips, deletes or copies some bits to generate new files. CGF iteratively constructs (and fuzzes) a seed corpus by retaining those generated files which enhance coverage. However, random bitflips are unlikely to produce valid files (or valid chunks in files), for applications processing complex file formats. In this work, we introduce smart greybox fuzzing (SGF) which leverages a high-level structural representation of the seed file to generate new files. We define innovative mutation operators that work on the virtual file structure rather than on the bit level which allows SGF to explore completely new input domains while maintaining file validity. We introduce a novel validity-based power schedule that enables SGF to spend more time generating files that are more likely to pass the parsing stage of the program, which can expose vulnerabilities much deeper in the processing logic. Our evaluation demonstrates the effectiveness of SGF. On several libraries that parse complex chunk-based files, our tool AFLSmart achieves substantially more branch coverage (up to 87% improvement) and exposes more vulnerabilities than baseline AFL. Our tool AFLSmart discovered 42 zero-day vulnerabilities in widely-used, well-tested tools and libraries; 22 CVEs were assigned.
Fri 10 Jul (displayed time zone: UTC, Coordinated Universal Time)

15:00 - 16:00 | A21 - Testing and Debugging 3 | Journal First / Technical Papers at Silla | Chair(s): Tingting Yu (University of Kentucky)

15:00 | 12m talk | Schrödinger's Security: Opening the Box on App Developers' Security Rationale (Technical Papers) | Dirk van der Linden (University of Bristol), Pauline Anthonysamy (Google Inc.), Bashar Nuseibeh (The Open University (UK) & Lero (Ireland)), Thein Tun, Marian Petre (The Open University), Mark Levine (Lancaster University), John Towse (Lancaster University), Awais Rashid (University of Bristol, UK)

15:12 | 8m talk | Smart Greybox Fuzzing (Journal First) | Van-Thuan Pham (Monash University), Marcel Böhme (Monash University), Andrew Santosa (National University of Singapore), Alexandru Răzvan Căciulescu (UiPath), Abhik Roychoudhury (National University of Singapore, Singapore)

15:20 | 8m talk | Deep Transfer Bug Localization (Journal First) | Xuan Huo (Nanjing University), Ferdian Thung (Singapore Management University), Ming Li (Nanjing University), David Lo (Singapore Management University), Shu-Ting Shi (Nanjing University)

15:28 | 8m talk | A Benchmark-Based Evaluation of Search-Based Crash Reproduction (Journal First) | Mozhan Soltani (Leiden University), Pouria Derakhshanfar (Delft University of Technology), Xavier Devroey (Delft University of Technology), Arie van Deursen (Delft University of Technology)

15:36 | 12m talk | An Investigation of Cross-Project Learning in Online Just-In-Time Software Defect Prediction (Technical Papers) | Sadia Tabassum (University of Birmingham, UK), Leandro Minku (University of Birmingham, UK), Danyi Feng (XiLiu Tech), George Cabral (Universidade Federal Rural de Pernambuco), Liyan Song (University of Birmingham)

15:48 | 8m talk | An Empirical Study of the Long Duration of Continuous Integration Builds (Journal First) | Taher A Ghaleb (Queen's University), Daniel Alencar Da Costa (University of Otago), Ying Zou (Queen's University, Kingston, Ontario)