Search Results (6)

The compiler serves as a bridge connecting hardware architecture and application software, converting source code into executable files and optimizing code. Fuzz testing is an automated testing technology that evaluates software reliability by providing a large amount of random or mutated input data to the target system to trigger abnormal program behavior. When existing fuzz testing methods are applied to compiler testing, although they can detect common errors like lexical and syntax errors, there are issues such as insufficient pertinence in constructing the input corpus, limited support for structured Intermediate Representation (IR) node manipulation, and limited perfection of the mutation strategy. This study proposes a deep fuzz testing framework named BoostPolyGlot for GCC compiler frontend IR generation, which effectively covers the code-execution paths and improves the code-coverage rate through constructing an input corpus, employing translation by a master–slave IR translator, conducting operations on structured program characteristic IR nodes, and implementing an IR mutation strategy with dynamic weight adjustment. This study evaluates the fuzz testing capabilities of BoostPolyGlot based on dependency relationships, loop structures, and their synergistic effect. The experimental outcomes confirm that, when measured against five crucial performance indicators including total paths, count coverage, favored paths rate, new edges on rate, and level, BoostPolyGlot demonstrated statistically significant improvements compared with American Fuzzy Lop (AFL) and PolyGlot. These findings validate the effectiveness and practicality of the proposed framework. Full article

Rigorous testing methods are essential for ensuring the security and reliability of industrial controller software. Fuzzing, a technique that automatically discovers software bugs, has also proven effective in finding software vulnerabilities. Unsurprisingly, fuzzing has been applied to a wide range of platforms, including programmable logic controllers (PLCs). However, current approaches, such as coverage-guided evolutionary fuzzing implemented in the popular fuzzer American Fuzzy Lop Plus Plus (AFL++), are often inadequate for finding logical errors and bugs in PLC control logic applications. They primarily target generic programming languages like C/C++, Java, and Python, and do not consider the unique characteristics and behaviors of PLCs, which are often programmed using specialized programming languages like Structured Text (ST). Furthermore, these fuzzers are ill suited to deal with complex input structures encapsulated in ST, as they are not specifically designed to generate appropriate input sequences. This renders the application of traditional fuzzing techniques less efficient on these platforms. To address this issue, this paper presents a fuzzing framework designed explicitly for PLC software to discover logic bugs in applications written in ST specified by the IEC 61131-3 standard. The proposed framework incorporates a custom-tailored PLC runtime and a fuzzer designed for the purpose. We demonstrate its effectiveness by fuzzing a collection of ST programs that were crafted for evaluation purposes. We compare the performance against a popular fuzzer, namely, AFL++. The proposed fuzzing framework demonstrated its capabilities in our experiments, successfully detecting logic bugs in the tested PLC control logic applications written in ST. On average, it was at least 83 times faster than AFL++, and in certain cases, for example, it was more than 23,000 times faster. Full article

Coverage-guided greybox fuzzing (CGF) has become the mainstream technology used in the field of vulnerability mining, which has been proven to be effective. Seed scheduling, the process of selecting seeds from the seeds pool for subsequent fuzzing iterations, is a critical component of CGF. While many seed scheduling strategies have been proposed in academia, they all focus on the explored regions within programs. In response to the inefficiencies of traditional seed scheduling strategies, which often allocate resources to ineffective seeds, we introduce a novel seed scheduling strategy guided by untouched edges. The strategy generates the optional seed set according to the information on the untouched edges. We also present a new instrumentation method to capture unexplored areas and guide the fuzzing process toward them. We implemented the prototype UntouchFuzz on top of American Fuzzy Lop (AFL) and conducted evaluation experiments against the most advanced seed scheduling strategies. Our results demonstrate that UntouchFuzz has improved in code coverage and unique vulnerabilities. Furthermore, the method proposed is transplanted into the fuzzer MOpt, which further proves the scalability of the method. In particular, 13 vulnerabilities were found in the open-source projects, with 7 of them having assigned CVEs. Full article

Fuzz testing is the process of testing programs by continually producing unique inputs in order to detect and identify security flaws. It is often used in vulnerability mining. The most prevalent fuzzing approach is grey-box fuzzing, which combines lightweight code instrumentation with data-feedback-driven generation of fresh program input seeds. AFL (American Fuzzy Lop) is an outstanding grey-box fuzzing tool that is well known for its quick fork server execution, dependable genetic algorithm, and numerous mutation techniques. AFLGO proposes and executes power scheduling based on a simulated annealing process for a more appropriate energy allocation to seeds, however it is neither reliable nor successful. To tackle this issue, we offer an energy-dynamic scheduling strategy based on the algorithm of the fruit fly. Adjusting the energy of the seeds dynamically controls the production of test cases. The findings demonstrate that the approach suggested in this research can test the target region more rapidly and thoroughly and has a high application value for patch testing and vulnerability replication. Full article

An Internet of Things (IoT) application typically involves implementations in both the device domain and the network domain. In this two-domain environment, it is possible that application developers implement the wrong network functions and/or connect some IoT devices that should never be linked, which result in the execution of wrong operations on network functions. To resolve these issues, we propose the VerificationTalk mechanism to prevent inappropriate IoT application deployment. VerificationTalk consists of two subsystems: the BigraphTalk subsystem which verifies IoT device configuration; and AFLtalk which validates the network functions. VerificationTalk provides mechanisms to conduct online anomaly detection by using a runtime monitor and offline by using American Fuzzy Lop (AFL). The runtime monitor is capable of intercepting potentially harmful data targeting IoT devices. When VerificationTalk detects errors, it provides feedback for debugging. VerificationTalk also assists in building secure IoT applications by identifying security loopholes in network applications. By the appropriate design of the IoTtalk execution engine, the testing capacity of AFLtalk is three times that of traditional AFL approaches. Full article

AFL (American Fuzzy Lop) is a powerful fuzzing tool that has discovered hundreds of real-world vulnerabilities. Recent efforts are seen to port AFL to a fuzzing Java program and have shown to be effective in Java testing. However, these tools require humans to write driver classes, which is not plausible for testing large-scale software. In addition, AFL generates files as input, making it limited for testing methods that process files. In this paper, we present JDriver, an automatic driver class generation framework for AFL-based fuzzing tools, which can build driver code for methods’ processing files as well as ordinary methods not processing files. Our approach consists of three parts: a dependency-analysis based method to generate method sequences that are able to change the instance’s status so as to exercise more paths, a knowledge assisted method to make instance for the method sequences, and an input-file oriented driver class assembling method to handle the method parameters for ordinary methods. We evaluate JDriver on commons-imaging, a widely used image library provided by the Apache organization. JDriver has successfully generated 149 helper methods which can be used to make instances for 110 classes. Moreover, 99 driver classes are built to cover 422 methods. Full article