Graphics Card Based Fuzzing

Fuzzing is the art of generating data and feeding that generated data as input to a target program. The goal is to crash the program in a manner that can be analyzed and exploited. Software developers benefit from fuzzers because they can patch the discovered vulnerabilities before an attacker exploits them. Programs are becoming larger and require improved fuzzers to keep up with the increased attack surface. Most innovations in fuzzer development are software-related and provide better path coverage or data generation. This paper proposes a fuzzer designed to utilize a dedicated graphics card's graphics processing unit (GPU) instead of the standard processor. Much of the code within a fuzzer is parallelizable, meaning the graphics card could potentially process it in a much more efficient manner. The effectiveness of GPU fuzzing is assessed herein.
