MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs

07/31/2020
by   Hongxu Chen, et al.
0

Grey-box fuzz testing has revealed thousands of vulnerabilities in real-world software owing to its lightweight instrumentation, fast coverage feedback, and dynamic adjusting strategies. However, directly applying grey-box fuzzing to input-dependent multithreaded programs can be extremely inefficient. In practice, multithreading-relevant bugs are usually buried in sophisticated program flows. Meanwhile, the existing grey-box fuzzing techniques do not stress thread-interleavings which affect execution states in multithreaded programs. Therefore, mainstream grey-box fuzzers cannot effectively test problematic segments in multithreaded programs despite they might obtain high code coverage statistics. To this end, we propose MUZZ, a new grey-box fuzzing technique that hunts for bugs in multithreaded programs. MUZZ owns three novel thread-aware instrumentations, namely coverage-oriented instrumentation, thread-context instrumentation, and schedule-intervention instrumentation. During fuzzing, these instrumentations engender runtime feedback to stress execution states caused by thread interleavings. By leveraging the feedback in the dynamic seed selection and execution strategies, MUZZ preserves more valuable seeds that expose bugs in a multithreading context. We evaluate MUZZ on 12 real-world software programs. Experiments show that MUZZ outperforms AFL in both multithreading-relevant seed generation and concurrency-vulnerability detection. Further, by replaying the target programs against the generated seeds, MUZZ also reveals more concurrency-bugs (e.g., data-races, thread-leaks) than AFL. In total, MUZZ detected 8 new concurrency-vulnerabilities and 19 new concurrency-bugs. At the time of writing, 4 CVE IDs have been assigned to the reported issues.

READ FULL TEXT

page 11

page 13

research
07/15/2018

NEUZZ: Efficient Fuzzing with Neural Program Learning

Fuzzing has become the de facto standard technique for finding software ...
research
10/07/2020

Fuzzing Based on Function Importance by Attributed Call Graph

Fuzzing has become one of the important methods for vulnerability detect...
research
06/18/2019

SAVIOR: Towards Bug-Driven Hybrid Testing

Hybrid testing combines fuzz testing and concolic execution. It leverage...
research
05/25/2019

PTrix: Efficient Hardware-Assisted Fuzzing for COTS Binary

Despite its effectiveness in uncovering software defects, American Fuzzy...
research
09/16/2020

Improving Linux-Kernel Tests for LockDoc with Feedback-driven Fuzzing

LockDoc is an approach to extract locking rules for kernel data structur...
research
02/20/2020

MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing

Seed scheduling is a prominent factor in determining the yields of hybri...
research
03/30/2022

Enhanced Grey Box Fuzzing For Intel Media Driver

Grey box fuzzing is one of the most successful methods for automatic vul...

Please sign up or login with your details

Forgot password? Click here to reset