Title: Fuzzing with Advanced Program Exploration and Bug Modeling for Software Security

Yongheng Chen
Ph.D. Candidate in Computer Science

School of Cybersecurity and Privacy

Georgia Institute of Technology

Date/Time: Mon 5/6/2024 3:00 PM - 4:00 PM Eastern Time (US and Canada)
Location: Coda C1008 Bolton
Zoom link: https://gatech.zoom.us/j/92742823829?pwd=Q0lzL3NZWlV5M3o5bFBVL3hhWGVmZz09

Committee:

Dr. Wenke Lee (advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Saman Zonouz,  School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Brendan Saltaformaggio, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Daniel Genkin, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. László Szekeres, Google Research, Google

Abstract:
Fuzzing is a well-received software testing technique. It operates by generating random inputs and then executing these against a given target program, thus probing various program states to pinpoint anomalies. Despite its proven utility, fuzzing has its limitations. Like other dynamic testing methods, it struggles with inadequate exploration of the program state space. This limitation stems from issues such as the unstructured nature of the generated inputs and the inefficient use of computational resources across multiple cores. A more critical shortcoming is the lack of bug modeling. Fuzzing primarily detects bugs through program crashes, overlooking a myriad of bugs that do not crash the program execution but are equally consequential. While the development of dedicated oracles represents a stride toward refined bug modeling, this solution is often impractical due to the high costs associated with crafting oracles that are typically bug-specific or tailored to individual programs.

To address these limitations, we propose two-dimensional improvements, which enhance the program exploration and bug modeling of fuzzing in a scalable way. To explore more program states, we propose POLYGLOT and µFUZZ to scale the program exploration capability vertically and horizontally. Specifically, POLYGLOT utilizes a unified intermediate representation to handle diverse programming languages, effectively generating semantically valid inputs that result in deeper program exploration. µFUZZ, on the other hand, employs a microservice architecture to maximize the efficiency of parallel fuzzing, reducing synchronization overhead and enhancing the utilization of computational resources. To enhance bug modeling, we introduce PROPGUARD, a framework that enables the specification and detection of a wide range of bug patterns, moving beyond mere crash detection to identify non-crashing bugs. By allowing users to define bug patterns through an intuitive specification language, PROPGUARD facilitates the development of targeted fuzzing oracles, thus significantly broadening the spectrum of detectable software vulnerabilities.