JIGSAW: Efficient and Scalable Path Constraints Fuzzing

Chen, Ju; Wang, Jinghan; Song, Chengyu; Yin, Heng

doi:10.1109/sp46214.2022.9833796

Cited by 12 publications

(5 citation statements)

References 77 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, these methods are far from perfect since they are built on the token level and the AST level rather than the semantic level, and this leads to the scenario that two semantically equal code snippets may have a relatively low CodeBLEU score. Some methods like dynamic testing [29] or symbolic execution [20,54] have been proposed to solve this. But such methods are either too heavy to be practical or even impractical for code snippet which does not have a clear input and output.…”

Section: Discussionmentioning

confidence: 99%

On the Feasibility of Specialized Ability Stealing for Large Language Code Models

Li¹,

Wang²,

Ma³

et al. 2023

Preprint

View full text Add to dashboard Cite

Recent progress in large language code models (LLCMs) has led to a dramatic surge in the use of software development. Nevertheless, it is widely known that training a well-performed LLCM requires a plethora of workforce for collecting the data and high quality annotation. Additionally, the training dataset may be proprietary (or partially open source to the public), and the training process is often conducted on a large-scale cluster of GPUs with high costs. Inspired by the recent success of imitation attacks in extracting computer vision and natural language models, this work launches the first imitation attack on LLCMs: by querying a target LLCM with carefully-designed queries and collecting the outputs, the adversary can train an imitation model that manifests close behavior with the target LLCM. We systematically investigate the effectiveness of launching imitation attacks under different query schemes and different LLCM tasks. We also design novel methods to polish the LLCM outputs, resulting in an effective imitation training process. We summarize our findings and provide lessons harvested in this study that can help better depict the attack surface of LLCMs. Our research contributes to the growing body of knowledge on imitation attacks and defenses in deep neural models, particularly in the domain of code related tasks.

show abstract

Section: Discussionmentioning

confidence: 99%

On the Feasibility of Specialized Ability Stealing for Large Language Code Models

Li¹,

Wang²,

Ma³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Using program analysis and constraint solving, DSE can generate inputs that effectively penetrate through the path constraints toward the target sites. Although some state-of-the-art works, such as symcc [40], symqemu [39], and JigSaw [9], have been proposed to develop the symbolic execution, the heavyweight program analysis, path-explosion problem, and constraint solving of DSE still limit its scalability.…”

Section: Related Workmentioning

confidence: 99%

DeepGo: Predictive Directed Greybox Fuzzing

Lin,

Wang,

Zhou

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Directed Greybox Fuzzing (DGF) is an effective approach designed to strengthen testing vulnerable code areas via predefined target sites. The state-of-the-art DGF techniques redefine and optimize the fitness metric to reach the target sites precisely and quickly. However, optimizations for fitness metrics are mainly based on heuristic algorithms, which usually rely on historical execution information and lack foresight on paths that have not been exercised yet. Thus, those hard-to-execute paths with complex constraints would hinder DGF from reaching the targets, making DGF less efficient.In this paper, we propose DeepGo, a predictive directed greybox fuzzer that can combine historical and predicted information to steer DGF to reach the target site via an optimal path. We first propose the path transition model, which models DGF as a process of reaching the target site through specific path transition sequences. The new seed generated by mutation would cause the path transition, and the path corresponding to the highreward path transition sequence indicates a high likelihood of reaching the target site through it. Then, to predict the path transitions and the corresponding rewards, we use deep neural networks to construct a Virtual Ensemble Environment (VEE), which gradually imitates the path transition model and predicts the rewards of path transitions that have not been taken yet. To determine the optimal path, we develop a Reinforcement Learning for Fuzzing (RLF) model to generate the transition sequences with the highest sequence rewards. The RLF model can combine historical and predicted path transitions to generate the optimal path transition sequences, along with the policy to guide the mutation strategy of fuzzing. Finally, to exercise the highreward path transition sequence, we propose the concept of an action group, which comprehensively optimizes the critical steps of fuzzing to realize the optimal path to reach the target efficiently. We evaluated DeepGo on 2 benchmark suites consisting of 25 programs with a total of 100 target sites. The experimental results show that DeepGo achieves 3.23×, 1.72×, 1.81×, and 4.83× speedup compared to AFLGo, BEACON, WindRanger, and ParmeSan, respectively in reaching target sites, and 2.61×, 3.32×, 2.43× and 2.53× speedup in exposing known vulnerabilities.

show abstract

“…Researchers continue to refine graybox fuzzing techniques by developing new methodologies for mutating test cases [3,21,33,39], managing test cases [11,43,48], providing feedback on program behavior [15,23,35,47,49] and more [13,34,41,50].…”

Section: Fuzz Testingmentioning

confidence: 99%

CrabSandwich: Fuzzing Rust with Rust (Registered Report)

Crump,

Zhang,

Asif

et al. 2023

Proceedings of the 2nd International Fuzzing Workshop

View full text Add to dashboard Cite

The Rust programming language is one of the fastest-growing programming languages, thanks to its unique blend of high performance execution and memory safety. Still, programs implemented in Rust can contain critical bugs. Apart from logic bugs and crashes, code in unsafe blocks can still trigger memory corruptions. To find these, the community uses traditional fuzzers like LibFuzzer or AFL ++ , in combination with Rust-specific macros. Of course, the fuzzers themselves are still written in memory-unsafe languages.In this paper, we explore the possibility of replacing the input generators with Rust, while staying compatible to existing harnesses. Based on the Rust fuzzer library LibAFL, we develop CrabSandwich, a drop-in replacement for the C ++ component of cargo-fuzz. We evaluate our tool, written in Rust, against the original fuzzer LibFuzzer. We show that we are not only able to successfully fuzz all three targets we tested with CrabSandwich, but outperform cargofuzz in bug coverage. During our preliminary evaluation, we already manage to uncover new bugs in the pdf crate that could not be found by cargo-fuzz, proving the real-world applicability of our approach, and giving us high hopes for the planned follow-up evaluations. CCS CONCEPTS• Security and privacy → Software security engineering.

show abstract

JIGSAW: Efficient and Scalable Path Constraints Fuzzing

Cited by 12 publications

References 77 publications

On the Feasibility of Specialized Ability Stealing for Large Language Code Models

On the Feasibility of Specialized Ability Stealing for Large Language Code Models

DeepGo: Predictive Directed Greybox Fuzzing

CrabSandwich: Fuzzing Rust with Rust (Registered Report)

Contact Info

Product

Resources

About