ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs in Multiple Software

Software is usually built on top of shared libraries. Vulnerabilities that lie in those dependencies may have huge impact on multiple software. ICU (International Components for Unicode) is one of the most widely used common components in modern software, providing Unicode and Globalization support. ICU is used in a wide range of software from over 70 companies and organizations, including very popular software such as Chrome, Android, macOS, iOS, Windows 10, Edge, Firefox.

[1]  Martin C. Rinard,et al.  Taint-based directed whitebox fuzzing , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[2]  Herbert Bos,et al.  The BORG: Nanoprobing Binaries for Buffer Overreads , 2015, CODASPY.

[3]  Stavros A. Koubias,et al.  A Modbus/TCP Fuzzer for testing internetworked industrial systems , 2015, 2015 IEEE 20th Conference on Emerging Technologies & Factory Automation (ETFA).

[4]  Stephen McCamant,et al.  Transformation-aware Exploit Generation using a HI-CFG , 2013 .

[5]  Adam Kiezun,et al.  jFuzz: A Concolic Whitebox Fuzzer for Java , 2009, NASA Formal Methods.

[6]  Will Drewry,et al.  Flayer: Exposing Application Internals , 2007, WOOT.

[7]  Barton P. Miller,et al.  An empirical study of the reliability of UNIX utilities , 1990, Commun. ACM.

[8]  Mark Davis,et al.  Tags for Identifying Languages , 2009, RFC.

[9]  Koushik Sen,et al.  DART: directed automated random testing , 2005, PLDI '05.

[10]  Cacm Staff,et al.  BufferBloat , 2011, Communications of the ACM.

[11]  Herbert Bos,et al.  Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations , 2013, USENIX Security Symposium.

[12]  Patrice Godefroid,et al.  SAGE: Whitebox Fuzzing for Security Testing , 2012, ACM Queue.

[13]  Guofei Gu,et al.  TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection , 2010, 2010 IEEE Symposium on Security and Privacy.

[14]  Kun Yang,et al.  IntentFuzzer: detecting capability leaks of android applications , 2014, AsiaCCS.