Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs

06/13/2022
by   Fatimah K. Aljaafari, et al.
0

Finding software vulnerabilities in concurrent programs is a challenging task due to the size of the state-space exploration, as the number of interleavings grows exponentially with the number of program threads and statements. We propose and evaluate EBF (Ensembles of Bounded Model Checking with Fuzzing) – a technique that combines Bounded Model Checking (BMC) and Gray-Box Fuzzing (GBF) to find software vulnerabilities in concurrent programs. Since there are no publicly-available GBF tools for concurrent code, we first propose a novel concurrency-aware gray-box fuzzer that explores different thread schedules by instrumenting the code under test with random delays controlled by the fuzzing engine. Then, we build an ensemble of one BMC and one GBF tool in the following way. On the one hand, when the BMC tool in the ensemble returns a counterexample, we use it as a seed for our GBF tool, thus increasing the likelihood of executing paths guarded by complex mathematical expressions. On the other hand, we aggregate the outcomes of the BMC and GBF tools in the ensemble using a decision matrix, thus improving the accuracy of EBF. We evaluate EBF against state-of-the-art pure BMC tools and show that it can generate up to 14.9 Furthermore, we demonstrate the efficacy of our concurrency-aware GBF by showing that it can find 21.4 while non-concurrency-aware GBF tools can only find 0.55 our concurrency-aware GBF tool, EBF detects a data race in the open-source wolfMqtt library, which demonstrates its effectiveness in finding vulnerabilities in real-world software.

READ FULL TEXT
research
12/21/2020

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs

We describe and evaluate a novel white-box fuzzer for C programs named F...
research
03/21/2021

EBF: A Hybrid Verification Tool for Finding Software Vulnerabilities in IoT Cryptographic Protocols

Internet of Things (IoT) consists of a large number of smart devices con...
research
06/28/2022

FuSeBMC v4: Improving code coverage with smart seeds via fuzzing and static analysis

Bounded model checking (BMC) and fuzzing techniques are among the most e...
research
02/05/2023

CBMC: The C Bounded Model Checker

The C Bounded Model Checker (CBMC) demonstrates the violation of asserti...
research
08/19/2022

Awaiting for Godot: Stateless Model Checking that Avoids Executions where Nothing Happens

Stateless Model Checking (SMC) is a verification technique for concurren...
research
12/21/2020

Bounded Model Checking of Software Using Interval Methods via Contractors

Bounded model checking (BMC) is a vital technique to find property viola...
research
12/20/2021

FuSeBMC v.4: Smart Seed Generation for Hybrid Fuzzing

FuSeBMC is a test generator for finding security vulnerabilities in C pr...

Please sign up or login with your details

Forgot password? Click here to reset