Static Instrumentation for Performant Binary Fuzzing
Open Access
- Author:
- Pauley, Eric
- Graduate Program:
- Computer Science and Engineering
- Degree:
- Master of Science
- Document Type:
- Master Thesis
- Date of Defense:
- March 16, 2020
- Committee Members:
- Patrick Drew Mcdaniel, Thesis Advisor/Co-Advisor
Danfeng Zhang, Committee Member
Chitaranjan Das, Program Head/Chair - Keywords:
- fuzzing
security
program analysis - Abstract:
- Rapid advancements in fuzz testing have achieved the ability to quickly and comprehensively find security-critical faults in software systems. Yet, the most advanced of these techniques rely on access to application source code, which is often unavailable in practice. In this paper, we explore techniques to replicate the depth and efficiency of source-code available fuzzers via static binary instrumentation. Developing such instrumentation is difficult because compilation is a lossy process, and much of the source-level semantics leveraged by these techniques are not available in binaries. We recover much of this information via heuristic control flow reconstruction, a shadow stack for function identification, and a novel technique for instrumenting comparison instructions. We evaluate ReFuzz on the LAVA-M dataset, achieving the same effectiveness as a best-in-class source-available fuzzer with a 3.4× execution time overhead (lower than existing dynamic fuzzing approaches). In this way, we show that techniques for binary fuzzing may approach the functional ability of source-available fuzzing.