Write a Blog >>
ICSE 2020
Wed 24 June - Thu 16 July 2020
Sat 11 Jul 2020 00:00 - 00:12 at Baekje - P25-Fuzzing Chair(s): Marcel Böhme

Existing coverage-based fuzzers usually use the individual controlflow graph (CFG) edge coverage to guide the fuzzing process, which has shown great potential in finding vulnerabilities. However, CFG edge coverage is not effective in discovering vulnerabilities such as use-after-free (UaF). This is because, to trigger UaF vulnerabilities, one needs not only to cover individual edges, but also to traverse some long sequence of edges in a particular order, which is challenging for existing fuzzers. To this end, we first propose to model UaF vulnerabilities as typestate properties, then develop a typestate-guided fuzzer, named UAFL, for discovering vulnerabilities violating typestate properties. Given a typestate property, we first perform a static typestate analysis to find operation sequences potentially violating the property. Then, the fuzzing process is guided by the operation sequences in order to progressively generate test cases triggering property violations. In addition, we also adopt the information flow analysis to improve the efficiency of the fuzzing process. We performed a thorough evaluation of UAFL on 14 widely-used real-world programs. The experiment results show that UAFL substantially outperforms the state-of-the-art fuzzers, including AFL, AFLFast, FairFuzz, MOpt, Angora and QSYM, interms of the time taken to discover vulnerabilities. We discovered10 previously unknown vulnerabilities, and received 5 new CVEs.

Sat 11 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time change

00:00 - 01:00: P25-FuzzingPaper Presentations / Technical Papers at Baekje
Chair(s): Marcel BöhmeMonash University
00:00 - 00:12
Talk
Technical Papers
Haijun WangAnt Financial Services Group, China; CSSE, Shenzhen University, China, Xiaofei XieNanyang Technological University, Yi LiNanyang Technological University, Cheng WenShenzhen University, Yuekang LiNanyang Technological University, Yang LiuNanyang Technological University, Singapore, Shengchao QinUniversity of Teesside, Hongxu ChenResearch Associate, Yulei SuiUniversity of Technology Sydney, Australia
Link to publication DOI Pre-print
00:12 - 00:24
Talk
Technical Papers
Tai D. NguyenSingapore Management University, Long H. PhamSingapore University of Technology and Design, Jun SunSingapore Management University, Yun LinNational University of Singapore, Minh Quang TranHo Chi Minh City University of Technology
00:24 - 00:36
Talk
Technical Papers
Caius BrindescuOregon State University, Iftekhar AhmedUniversity of California at Irvine, USA, Rafael LeanoOregon State University, Anita SarmaOregon State University
00:36 - 00:48
Talk
Technical Papers
Akond RahmanTennessee Tech University, Effat FarhanaNorth Carolina State University, Chris ParninNorth Carolina State University, Laurie WilliamsNorth Carolina State University
Pre-print
00:48 - 01:00
Talk
Technical Papers
Tegan BrennanUniversity of California, Santa Barbara, Seemanta SahaUniversity of California Santa Barbara, Tevfik BultanUniversity of California, Santa Barbara