Abstract
Fuzzing is an effective method to find bugs in software. Many security communities are interested in fuzzing as an automated approach to verify software security because most of the bugs discovered by fuzzing are related to security vulnerabilities. However, not all software can be tested by fuzzing because fuzzing requires a running environment, especially an executable. Notably, in the case of libraries, most of the libraries do not have a relevant executable in practice. Thus, state-of-the-art fuzzers have a limitation to test an arbitrary library. To overcome this problem, we propose FuzzBuilder to provide an automated fuzzing environment for libraries. FuzzBuilder generates an executable that calls library API functions to enable library fuzzing. Moreover, any executable generated by FuzzBuilder is compatible with existing fuzzers such as AFL. We evaluate the overall performance of FuzzBuilder by testing open source libraries. Consequently, we discovered unknown bugs in libraries while achieving high code coverage. We believe that FuzzBuilder helps security researchers to save both setup cost and learning cost for library fuzzing.
Original language | English |
---|---|
Title of host publication | Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019 |
Publisher | Association for Computing Machinery |
Pages | 627-637 |
Number of pages | 11 |
ISBN (Electronic) | 9781450376280 |
DOIs | |
Publication status | Published - 2019 Dec 9 |
Event | 35th Annual Computer Security Applications Conference, ACSAC 2019 - San Juan, United States Duration: 2019 Dec 9 → 2019 Dec 13 |
Publication series
Name | ACM International Conference Proceeding Series |
---|
Conference
Conference | 35th Annual Computer Security Applications Conference, ACSAC 2019 |
---|---|
Country/Territory | United States |
City | San Juan |
Period | 19/12/9 → 19/12/13 |
Bibliographical note
Publisher Copyright:© 2019 Association for Computing Machinery.
Keywords
- Greybox fuzzing
- Library fuzzing
- Software development
- Unit test
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications