论文信息 - A Large-scale Parallel Fuzzing System

A Large-scale Parallel Fuzzing System

The application of parallelization to fuzzing can effectively improve test efficiency. But with the expansion of node scale, synchronization mechanism will become the bottleneck. To solve this problem, this paper presents a method which is suitable for large-scale parallelization to generate test cases. It simplifies the execution path of tree form into a one-dimensional array by preprocessing, which ensures validity and reduces processing time. This paper also designs and implements a parallel fuzzing system using this method. The system uses a polling mechanism to reduce repetitive tasks. A jump-oriented strategy is adopted to reduce redundancy when filtering crashes. At the end of this paper, the effectiveness of the system in improving the efficiency of fuzzing is further demonstrated through experiments.

Yang Li | Chaojing Tang | Chao Feng

[1] Guofei Gu,et al. TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection , 2010, 2010 IEEE Symposium on Security and Privacy.

[2] Jared D. DeMott,et al. Fuzzing for Software Security Testing and Quality Assurance , 2008 .

[3] Koushik Sen. DART: Directed Automated Random Testing , 2009, Haifa Verification Conference.

[4] Barton P. Miller,et al. An empirical study of the robustness of MacOS applications using random testing , 2007, OPSR.

[5] David Wagner,et al. Dynamic test generation for large binary programs , 2009 .

[6] Dong Hoon Lee,et al. Efficient file fuzz testing using automated analysis of binary file format , 2011, J. Syst. Archit..

[7] Quan Zhang,et al. Software Vulnerabilities Detection Based on Random Programming , 2014 .

[8] Martin C. Rinard,et al. Taint-based directed whitebox fuzzing , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[9] Shih-Kun Huang,et al. Software Crash Analysis for Automatic Exploit Generation on Binary Programs , 2014, IEEE Transactions on Reliability.

[10] Pedram Amini,et al. Fuzzing: Brute Force Vulnerability Discovery , 2007 .