FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Alshmrany, Kaled M.; Menezes, Rafael; Gadelha, Mikhail R.; Cordeiro, Lucas C.

doi:10.1007/978-3-030-71500-7_19

“…In earlier work [4], we presented FuSeBMC, an automated test generation tool that exploits the combination of Fuzzing and Bounded Model Checking. FuSeBMC achieved second place in Test-Comp 2021 [5,3] and first place in the Cover-Error category. It ranked fourth in the Cover-Branches category.…”

Section: Overviewmentioning

confidence: 98%

FuSeBMC v.4: Smart Seed Generation for Hybrid Fuzzing

Alshmrany¹,

Aldughaim²,

Bhayat³

et al. 2021

Preprint

Self Cite

0

View full text Add to dashboard Cite

FuSeBMC is a test generator for finding security vulnerabilities in C programs. In earlier work [4], we described a previous version that incrementally injected labels to guide Bounded Model Checking (BMC) and Evolutionary Fuzzing engines to produce test cases for code coverage and bug finding. This paper introduces a new version of FuSeBMC that utilizes both engines to produce smart seeds. First, the engines are run with a short time limit on a lightly instrumented version of the program to produce the seeds. The BMC engine is particularly useful in producing seeds that can pass through complex mathematical guards. Then, FuSeBMC runs its engines with more extended time limits using the smart seeds created in the previous round. FuSeBMC manages this process in two main ways using its Tracer subsystem. Firstly, it uses shared memory to record the labels covered by each test case. Secondly, it evaluates test cases, and those of high impact are turned into seeds for subsequent test fuzzing. As a result, we significantly increased our code coverage score from last year, outperforming all tools that participated in this year's competition in every single category.

show abstract

“…• FuSeBMC [26], [27]: This is a white-box fuzzer that injects labels into C programs and then use a combination of ESBMC and a path-based symbolic execution tool called Map2check [28] to find inputs that reach those labels (while checking for vulnerabilities).…”

Section: B Static Analysismentioning

confidence: 99%

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Bhayat¹,

Cordeiro²,

Reger³

et al. 2021

Preprint

0

View full text Add to dashboard Cite

Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts -- the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information.

show abstract

“…• FuSeBMC [27], [28]: This is a white-box fuzzer that injects labels into C programs and then use a combination of ESBMC and a path-based symbolic execution tool called Map2check [29] to find inputs that reach those labels (while checking for vulnerabilities).…”

Section: B Static Analysismentioning

confidence: 99%

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Bhayat¹,

Cordeiro²,

Reger³

et al. 2021

Preprint

0

View full text Add to dashboard Cite

Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts -- the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information.

show abstract

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Cited by 12 publications

References 8 publications

FuSeBMC v.4: Smart Seed Generation for Hybrid Fuzzing

FuSeBMC v.4: Smart Seed Generation for Hybrid Fuzzing

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Contact Info

Product

Resources

About