ObFuzzer: Object-Oriented Hybrid Fuzzer for Binaries
In recent years, coverage-guided technology has become the mainstream method of fuzzing. A coverage-guided fuzzer can guide a program to a new path (edge) so that previously untested code can be tested. As coverage-guided fuzzers have become more popular, the difficulty of discovering vulnerabilities has increased significantly. This paper proposes ObFuzzer, an object-oriented binary hybrid fuzzer based on a new assumption. Namely, the object which has been operated more times and operated in more positions is more likely to have defects. Our ObFuzzer consists of the following steps. First, ObFuzzer obtains the inner relations of object operations in the target program through static analysis and analyzes the riskiness of the basic blocks containing such operations. Then, ObFuzzer generates test cases that can guide the program to the basic blocks that this paper considers to be the most dangerous by symbolic execution. Finally, fuzzing is performed using the riskiness of the object operations rather than code coverage. To demonstrate the effectiveness of ObFuzzer over a traditional coverage-guided fuzzer, this paper evaluates its performance in a real program. When facing object-oriented programs, ObFuzzer has a 29% to 40% increase in object operation complexity during execution. These more complex object operations can enhance the ability to discover vulnerabilities related to object operations. Eventually, ObFuzzer found five unique vulnerabilities and one logic error without a crash in “xpdf”.

Main Authors: | Xinglu He, Pengfei Wang, Kai Lu, Xu Zhou |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2022-09-01 |
Series: | Applied Sciences |
Subjects: | vulnerability discovery; hybrid fuzzer; static analysis; symbolic execution; object-oriented fuzzing |
Online Access: | https://www.mdpi.com/2076-3417/12/19/9782 |
_version_ | 1797480714458890240 |
---|---|
author | Xinglu He Pengfei Wang Kai Lu Xu Zhou |
author_facet | Xinglu He Pengfei Wang Kai Lu Xu Zhou |
author_sort | Xinglu He |
collection | DOAJ |
first_indexed | 2024-03-09T22:04:03Z |
format | Article |
id | doaj.art-ed2f2a816d374979b1b4b1d117a7a278 |
institution | Directory Open Access Journal |
issn | 2076-3417 |
language | English |
last_indexed | 2024-03-09T22:04:03Z |
publishDate | 2022-09-01 |
publisher | MDPI AG |
record_format | Article |
series | Applied Sciences |
spelling | doaj.art-ed2f2a816d374979b1b4b1d117a7a278 (indexed 2023-11-23T19:45:35Z), eng, MDPI AG, Applied Sciences, ISSN 2076-3417, 2022-09-01, vol. 12, no. 19, article 9782, doi:10.3390/app12199782. ObFuzzer: Object-Oriented Hybrid Fuzzer for Binaries. Xinglu He, Pengfei Wang, Kai Lu, Xu Zhou (all: College of Computer, National University of Defense Technology, Changsha 410073, China). Keywords: vulnerability discovery; hybrid fuzzer; static analysis; symbolic execution; object-oriented fuzzing. https://www.mdpi.com/2076-3417/12/19/9782 |
title | ObFuzzer: Object-Oriented Hybrid Fuzzer for Binaries |
topic | vulnerability discovery hybrid fuzzer static analysis symbolic execution object-oriented fuzzing |
url | https://www.mdpi.com/2076-3417/12/19/9782 |