Existing directed greybox fuzzers have difficulty in discovering vulnerabilities such as use-after-free that require sequential arrival at multiple target basic blocks in order to be triggered, which we refer to as Multistep Vulnerabilities. On the one hand, it is because they seldom consider the sequential relationship between target basic blocks, leading to inefficient power scheduling. On the other hand, it is because the seed mutation usually takes a random and blind approach, leading to low quality of the generated test cases. In this paper, we introduce a novel Directed Greybox Fuzzing with Multiple Ordered Target Basic Blocks for Multistep Vulnerabilities (MOT-Fuzz). First, we design a multi-indicators power scheduling method to comprehensively consider multiple indicators such as sequence coverage and distance to allocate seed power. Then, we propose a seed mutation technique based on a multi-armed bandit to adaptively select the most favorable mutation operation and mutation location. We implement MOT-Fuzz based on AFLGo, and experimentally compare it with existing classic fuzzers to demonstrate its performance in exposing multi-target crashes.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

MOT-Fuzz: A Novel Directed Greybox Fuzzing with Multiple Ordered Target Basic Blocks for Multistep Vulnerabilities

  • Kangrui Li,
  • Zan Zhou,
  • Shujie Yang,
  • Changqiao Xu

摘要

Existing directed greybox fuzzers have difficulty in discovering vulnerabilities such as use-after-free that require sequential arrival at multiple target basic blocks in order to be triggered, which we refer to as Multistep Vulnerabilities. On the one hand, it is because they seldom consider the sequential relationship between target basic blocks, leading to inefficient power scheduling. On the other hand, it is because the seed mutation usually takes a random and blind approach, leading to low quality of the generated test cases. In this paper, we introduce a novel Directed Greybox Fuzzing with Multiple Ordered Target Basic Blocks for Multistep Vulnerabilities (MOT-Fuzz). First, we design a multi-indicators power scheduling method to comprehensively consider multiple indicators such as sequence coverage and distance to allocate seed power. Then, we propose a seed mutation technique based on a multi-armed bandit to adaptively select the most favorable mutation operation and mutation location. We implement MOT-Fuzz based on AFLGo, and experimentally compare it with existing classic fuzzers to demonstrate its performance in exposing multi-target crashes.