FuzzBuilder: Automated building greybox fuzzing environment for C/C++ library

Joonun Jang, Huy Kang Kim

    Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

    6 Citations (Scopus)

    Abstract

    Fuzzing is an effective method for finding bugs in software. Many security communities are interested in fuzzing as an automated approach to verifying software security, because most of the bugs discovered by fuzzing are related to security vulnerabilities. However, not all software can be tested by fuzzing, because fuzzing requires a running environment, in particular an executable. Libraries are a notable case: in practice, most libraries do not ship with a relevant executable. Thus, state-of-the-art fuzzers are limited in their ability to test an arbitrary library. To overcome this problem, we propose FuzzBuilder, which provides an automated fuzzing environment for libraries. FuzzBuilder generates an executable that calls library API functions, thereby enabling library fuzzing. Moreover, any executable generated by FuzzBuilder is compatible with existing fuzzers such as AFL. We evaluate the overall performance of FuzzBuilder by testing open source libraries. As a result, we discovered previously unknown bugs in those libraries while achieving high code coverage. We believe that FuzzBuilder helps security researchers save both the setup cost and the learning cost of library fuzzing.

    Original language: English
    Title of host publication: Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019
    Publisher: Association for Computing Machinery
    Pages: 627-637
    Number of pages: 11
    ISBN (Electronic): 9781450376280
    DOIs
    Publication status: Published - 2019 Dec 9
    Event: 35th Annual Computer Security Applications Conference, ACSAC 2019 - San Juan, United States
    Duration: 2019 Dec 9 to 2019 Dec 13

    Publication series

    Name: ACM International Conference Proceeding Series

    Conference

    Conference: 35th Annual Computer Security Applications Conference, ACSAC 2019
    Country/Territory: United States
    City: San Juan
    Period: 19/12/9 to 19/12/13

    Bibliographical note

    Publisher Copyright:
    © 2019 Association for Computing Machinery.

    Keywords

    • Greybox fuzzing
    • Library fuzzing
    • Software development
    • Unit test

    ASJC Scopus subject areas

    • Software
    • Human-Computer Interaction
    • Computer Vision and Pattern Recognition
    • Computer Networks and Communications
