A Survey of Hybrid Fuzzing based on Symbolic Execution

Fuzzing has now developed into an efficient method of vulnerability mining. Symbolic execution is also a popular software vulnerability mining technology. Both are research hotspots in the field of network and information security. Hybrid fuzzing is the addition of symbolic execution technology on the basis of traditional fuzzing, and has now developed into a new branch of fuzzing. This article studies the existing hybrid fuzzing methods, reviews the development and evolution process and technical core of hybrid fuzzing, and compares the performance of currently well-known hybrid fuzzing through an experimental method based on symbolic execution. Finally, it discusses the existing problems in the field of hybrid fuzzing testing, and tries to look forward to its future development trend.

[1]  Kostya Serebryany,et al.  OSS-Fuzz - Google's continuous fuzzing service for open source software , 2017 .

[2]  Brian S. Pak,et al.  Hybrid Fuzz Testing: Discovering Software Bugs via Fuzzing and Symbolic Execution , 2012 .

[3]  BaldoniRoberto,et al.  A Survey of Symbolic Execution Techniques , 2018 .

[4]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[5]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[6]  Barton P. Miller,et al.  Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services , 1995 .

[7]  Peng Li,et al.  SAVIOR: Towards Bug-Driven Hybrid Testing , 2019, 2020 IEEE Symposium on Security and Privacy (SP).

[8]  Christopher Krügel,et al.  Driller: Augmenting Fuzzing Through Selective Symbolic Execution , 2016, NDSS.

[9]  Gary McGraw,et al.  Static Analysis for Security , 2004, IEEE Secur. Priv..

[10]  Mathias Payer,et al.  T-Fuzz: Fuzzing by Program Transformation , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[11]  Rupak Majumdar,et al.  Hybrid Concolic Testing , 2007, 29th International Conference on Software Engineering (ICSE'07).

[12]  Meng Xu,et al.  QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing , 2018, USENIX Security Symposium.

[13]  Xiangyu Zhang,et al.  SLF: Fuzzing without Valid Seed Inputs , 2019, 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE).

[14]  Chao Zhang,et al.  MOPT: Optimized Mutation Scheduling for Fuzzers , 2019, USENIX Security Symposium.

[15]  Roberto Baldoni,et al.  A Survey of Symbolic Execution Techniques , 2016, ACM Comput. Surv..

[16]  Abhik Roychoudhury,et al.  Coverage-Based Greybox Fuzzing as Markov Chain , 2016, IEEE Transactions on Software Engineering.