Evaluating the Fork-Awareness of Coverage-Guided Fuzzers

Marcello Maugeri, Cristian Daniele, Giampaolo Bella, Erik Poll

2023

Abstract

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the years, different approaches have been developed, and among the most popular lies the coverage-based one. It relies on the instrumentation of the system to generate inputs able to cover as much code as possible. The success of this approach is also due to its usability as fuzzing techniques research approaches that do not require (or only partial require) human interactions. Despite the efforts, devising a fully-automated fuzzer still seems to be a challenging task. Target systems may be very complex; they may integrate cryptographic primitives, compute and verify check-sums and employ forks to enhance the system security, achieve better performances or manage different connections at the same time. This paper introduces the fork-awareness property to express the fuzzer ability to manage systems using forks. This property is leveraged to evaluate 14 of the most widely coverage-guided fuzzers and highlight how current fuzzers are ineffective against systems using forks.

Download


Paper Citation


in Harvard Style

Maugeri M., Daniele C., Bella G. and Poll E. (2023). Evaluating the Fork-Awareness of Coverage-Guided Fuzzers. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 424-429. DOI: 10.5220/0011648600003405


in Bibtex Style

@conference{icissp23,
author={Marcello Maugeri and Cristian Daniele and Giampaolo Bella and Erik Poll},
title={Evaluating the Fork-Awareness of Coverage-Guided Fuzzers},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2023},
pages={424-429},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011648600003405},
isbn={978-989-758-624-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Evaluating the Fork-Awareness of Coverage-Guided Fuzzers
SN - 978-989-758-624-8
AU - Maugeri M.
AU - Daniele C.
AU - Bella G.
AU - Poll E.
PY - 2023
SP - 424
EP - 429
DO - 10.5220/0011648600003405