Browser fuzzing by scheduled mutation and generation of document object models

Internet applications have made our daily life fruitful. However, they also cause many security problems if these applications are leveraged by intruders. Thus, it is important to find and fix vulnerabilities timely to prevent application vulnerabilities from being exploited. Fuzz testing is a popular methodology that effectively finds vulnerabilities in application programs with seed input mutation. However, it is not a satisfied solution for the web browsers. In this work, we propose a solution, called scheduled DOM fuzzing (SDF), which integrates several related browser fuzzing tools and the fuzzing framework called BFF. To explore more crash possibilities, we revise the browser fuzzing architecture and schedule seed input selection and mutation dynamically. We also propose two probability computing methods in scheduling mechanism which tries to improve the performance by determining which combinations of seed and mutation would produce more crashes. Our experiments show that SDF is 2.27 time more efficient in terms of the number of crashes and vulnerabilities found at most. SDF also has the capacity for finding 23 exploitable crashes in Windows 7 within five days. The experimental results reveals that a good scheduling method for seed and mutations in browser fuzzing is able to find more exploitable crashes than fuzzers with the fixed seed input.

[1]  Pedram Amini,et al.  Fuzzing: Brute Force Vulnerability Discovery , 2007 .

[2]  David Brumley,et al.  Scheduling black-box mutational fuzzing , 2013, CCS.

[3]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[4]  Zhuhua Cai,et al.  Software Vulnerability Discovery Techniques: A Survey , 2012, 2012 Fourth International Conference on Multimedia Information Networking and Security.

[5]  J. Brown,et al.  Bridging epistemologies: The generative dance between organizational knowledge and organizational knowing , 1999, STUDI ORGANIZZATIVI.

[6]  Barton P. Miller,et al.  An empirical study of the reliability of UNIX utilities , 1990, Commun. ACM.

[7]  William A. Arbaugh,et al.  IEEE 52 Computer , 1985 .

[8]  Shih-Kun Huang,et al.  CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations , 2012, 2012 IEEE Sixth International Conference on Software Security and Reliability.

[9]  David Brumley,et al.  Optimizing Seed Selection for Fuzzing , 2014, USENIX Security Symposium.