Taint-based Directed Whitebox Fuzzing
Author(s)Rinard, Martin C.; Ganesh, Vijay; Leek, Tim
MetadataShow full item record
We present a new automated white box fuzzing technique and a tool, BuzzFuzz, that implements this technique. Unlike standard fuzzing techniques, which randomly change parts of the input file with little or no information about the underlying syntactic structure of the file, BuzzFuzz uses dynamic taint tracing to automatically locate regions of original seed input files that influence values used at key program attack points (points where the program may contain an error). BuzzFuzz then automatically generates new fuzzed test input files by fuzzing these identified regions of the original seed input files. Because these new test files typically preserve the underlying syntactic structure of the original seed input files, they tend to make it past the initial input parsing components to exercise code deep within the semantic core of the computation. We have used BuzzFuzz to automatically find errors in two open-source applications: Swfdec (an Adobe Flash player) and MuPDF (a PDF viewer). Our results indicate that our new directed fuzzing technique can effectively expose errors located deep within large programs. Because the directed fuzzing technique uses taint to automatically discover and exploit information about the input file format, it is especially appropriate for testing programs that have complex, highly structured input file formats.
DepartmentLincoln Laboratory; Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
IEEE 31st International Conference on Software Engineering, 2009. ICSE 2009
Institute of Electrical and Electronics Engineers
Ganesh, V., T. Leek, and M. Rinard. “Taint-based directed whitebox fuzzing.” Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on. 2009. 474-484. ©2009 Institute of Electrical and Electronics Engineers.
Final published version
INSPEC Accession Number: 10699591