PTfuzz: Guided Fuzzing With Processor Trace Feedback

Greybox fuzzing, such as American Fuzzy Lop (AFL), is very efficient at finding software vulnerabilities, which makes it the state-of-the-art fuzzing technology. Greybox fuzzing uses the branch information collected while the program runs as feedback to guide seed selection. Current greybox fuzzers generally use two kinds of methods to collect branch information: compile-time instrumentation (AFL) and emulation (AFL extended with QEMU emulation, QAFL). Compile-time instrumentation is efficient, but it does not support binary programs. Emulation supports binary programs, but its efficiency is very low. In this paper, we propose a greybox fuzzing approach named PTfuzz, which leverages a hardware mechanism (Intel Processor Trace) to collect branch information. Our approach supports binary programs, just like the emulation method, while achieving performance comparable to the compile-time instrumentation method. Our experiments show that PTfuzz can fuzz the original binary programs without any modification, and we gain a 3× performance improvement compared to QAFL.

Field | Value
---|---
Main Authors: | Gen Zhang (https://orcid.org/0000-0001-7709-0751), Xu Zhou, Yingqi Luo (https://orcid.org/0000-0001-9449-183X), Xugang Wu, Erxue Min (https://orcid.org/0000-0002-1972-6608)
Affiliation: | College of Computer, National University of Defense Technology, Changsha, China (all authors)
Format: | Article
Language: | English
Published: | IEEE, 2018-01-01
Series: | IEEE Access (ISSN 2169-3536), vol. 6, pp. 37302-37313
DOI: | 10.1109/ACCESS.2018.2851237
Subjects: | Feedback; greybox fuzzing; Intel PT; software security
Online Access: | https://ieeexplore.ieee.org/document/8399803/
Source: | DOAJ, record doaj-4df5315e2540453fb34f832186133b9e (indexed 2021-03-29)