641800 event 1606939659 1606939659 <![CDATA[PhD Proposal by Wen Xu]]> Title: An IR-based Fuzzing Approach for Finding Context-Aware Bugs in API-based Systems

 

Wen Xu

Ph.D. Student

School of Computer Science

College of Computing

Georgia Institute of Technology

 

Date: Wednesday, December 2, 2020

Time: 1:00 pm - 2:30 pm (EST)

Location: *No Physical Location*

BlueJeans: https://gatech.bluejeans.com/5992360268

 

Committee:

---------------

Dr. Taesoo Kim (Advisor, School of Computer Science, Georgia Institute of Technology)

Dr. Wenke Lee (School of Computer Science, Georgia Institute of Technology)

Dr. Alessandro Orso (School of Computer Science, Georgia Institute of Technology)

Dr. Qirun Zhang (School of Computer Science, Georgia Institute of Technology)

Dr. Weidong Cui (Microsoft Research Redmond)

 

Abstract:

---------------

Fuzzing, a time-honored software testing approach, has gained increasing

popularity in recent years. With the emerging utilization of coverage

feedback, random inputs generated by merely byte- or syntactic-level

mutations effectively discover numerous bugs in the real-world programs that

accept binary or structural inputs. Nevertheless, API-based systems, a large

group of security critical software including OS kernels and web browsers,

that accept a program input comprising API calls are the exceptions. The deep

context-aware bugs in API-based systems involve semantically correct inputs

with certain context complexity. Such inputs are hardly constructed in a

context-insensitive manner even with feedback guidance in practice.

 

In this proposal, we first present two state-of-the-art fuzzers that find

context-aware bugs in different API-based systems with domain-specific

designs. The first one is Janus, a kernel file system fuzzer. In the design

of Janus, we first time introduce the concept of context-aware API

generation. Particularly, Janus maintains file object states to generate

every file operation and updates the states after generation in order to avoid

semantic errors. The second one is FREEDOM, a DOM engine fuzzer. Unlike the

previous fuzzers that can only generate random HTML documents based on

context-free grammars, FREEDOM designs a custom IR for HTML document to

enable both DOM API generation and mutation in a context-aware manner.

 

Finally, we will propose GAF (General-API-Fuzzing), an API fuzzing platform

that adopts a general IR-based solution to context-aware API call generation

and mutation for any type of common API-based systems. GAF provides a

pseudoformal language for the developers to define not only API prototypes but

also context interactions. GAF then automatically compiles an API grammar

file into a fuzzing engine that generates random API programs represented in

GAF IR based on the grammar. A GAF IR program can also be mutated into new

ones with context-awareness for testing. In general, GAF aims at being the

first design standard for general API fuzzers and facilitating bug finding

in real-world API-based systems.

]]> <![CDATA[Bluejeans]]> 221981 1788 102851