A heuristic fuzz test generator for Java native interface

It is well known that once a Java application uses native C/C++ methods through the Java Native Interface (JNI), any security guarantees provided by Java might be invalidated by the native methods. So any vulnerability in this trusted native code can compromise the security of the Java program. Fuzzing test is an approach to software testing whereby the system being tested is bombarded with inputs generated by another program. When using fuzzer to test JNI programs, how to accurately reach the JNI functions and run through them to find the sensitive system APIs is the pre-condition of the test. In this paper, we present a heuristic fuzz generator method on JNI vulnerability detection based on the branch predication information of program. The result in the experiment shows our method can use less fuzzing times to reach more sensitive windows APIs in Java native code.

[1]  Abhik Roychoudhury,et al.  Model-based whitebox fuzzing for program binaries , 2016, 2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE).

[2]  Soumya Paul,et al.  A Probabilistic Analysis of the Efficiency of Automated Software Testing , 2016, IEEE Transactions on Software Engineering.

[3]  Abhik Roychoudhury,et al.  Coverage-Based Greybox Fuzzing as Markov Chain , 2016, IEEE Transactions on Software Engineering.

[4]  Christopher Krügel,et al.  Driller: Augmenting Fuzzing Through Selective Symbolic Execution , 2016, NDSS.

[5]  Richard McNally,et al.  Fuzzing: The State of the Art , 2012 .

[6]  Maozhen Li,et al.  Preface , 2016, Int. J. Pattern Recognit. Artif. Intell..

[7]  Patrice Godefroid,et al.  Automated Whitebox Fuzz Testing , 2008, NDSS.