论文信息 - QuickFuzz: an automatic random fuzzer for common file formats

QuickFuzz: an automatic random fuzzer for common file formats

Fuzzing is a technique that involves testing programs using invalid or erroneous inputs. Most fuzzers require a set of valid inputs as a starting point, in which mutations are then introduced. QuickFuzz is a fuzzer that leverages QuickCheck-style random test-case generationto automatically test programs that manipulate common file formats by fuzzing. We rely on existing Haskell implementations of file-format-handling libraries found on Hackage, the community-driven Haskell code repository. We have tried QuickFuzz in the wild and found that the approach is effective in discovering vulnerabilities in real-world implementations of browsers, image processing utilities and file compressors among others. In addition, we introduce a mechanism to automatically derive random generators for the types representing these formats. QuickFuzz handles most well-known image and media formats, and can be used to test programs and libraries written in any language.

[1] Barton P. Miller,et al. An empirical study of the reliability of UNIX utilities , 1990, Commun. ACM.

[2] K. Claessen,et al. QuickCheck: a lightweight tool for random testing of Haskell programs , 2000, ICFP '00.

[3] Simon L. Peyton Jones,et al. Template meta-programming for Haskell , 2002, Haskell '02.

[4] Andreas Zeller,et al. Simplifying and Isolating Failure-Inducing Input , 2002, IEEE Trans. Software Eng..

[5] Nicholas Nethercote,et al. Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[6] Pedram Amini,et al. Fuzzing: Brute Force Vulnerability Discovery , 2007 .

[7] Adam Kiezun,et al. Grammar-based whitebox fuzzing , 2008, PLDI '08.

[8] Koen Claessen,et al. Testing an optimising compiler by generating random lambda terms , 2011, AST '11.

[9] Xuejun Yang,et al. Finding and understanding bugs in C compilers , 2011, PLDI '11.

[10] Derek Bruening,et al. AddressSanitizer: A Fast Address Sanity Checker , 2012, USENIX Annual Technical Conference.

[11] David Brumley,et al. Unleashing Mayhem on Binary Code , 2012, 2012 IEEE Symposium on Security and Privacy.