TY - GEN
T1 - Fuzz testing in practice
T2 - 25th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2018
AU - Liang, Jie
AU - Wang, Mingzhe
AU - Chen, Yuanliang
AU - Jiang, Yu
AU - Zhang, Renwei
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/4/2
Y1 - 2018/4/2
N2 - Fuzz testing has helped security researchers and organizations discover a large number of vulnerabilities. Although it is efficient and widely used in industry, hardly any empirical studies and experience exist on the customization of fuzzers to real industrial projects. In this paper, collaborating with the engineers from Huawei, we present the practice of adapting fuzz testing to a proprietary message middleware named libmsg, which is responsible for the message transfer of the entire distributed system department. We present the main obstacles encountered in applying an efficient fuzzer to libmsg, including system configuration inconsistency, system build complexity, and the absence of fuzzing drivers. The solutions for those typical obstacles are also provided. For example, for the most difficult and expensive obstacle of writing fuzzing drivers, we present a low-cost approach by converting existing sample code snippets into fuzzing drivers. After overcoming those obstacles, we can effectively identify software bugs, and report 9 previously unknown vulnerabilities, including flaws that lead to denial of service or system crash.
AB - Fuzz testing has helped security researchers and organizations discover a large number of vulnerabilities. Although it is efficient and widely used in industry, hardly any empirical studies and experience exist on the customization of fuzzers to real industrial projects. In this paper, collaborating with the engineers from Huawei, we present the practice of adapting fuzz testing to a proprietary message middleware named libmsg, which is responsible for the message transfer of the entire distributed system department. We present the main obstacles encountered in applying an efficient fuzzer to libmsg, including system configuration inconsistency, system build complexity, and the absence of fuzzing drivers. The solutions for those typical obstacles are also provided. For example, for the most difficult and expensive obstacle of writing fuzzing drivers, we present a low-cost approach by converting existing sample code snippets into fuzzing drivers. After overcoming those obstacles, we can effectively identify software bugs, and report 9 previously unknown vulnerabilities, including flaws that lead to denial of service or system crash.
UR - https://www.scopus.com/pages/publications/85050915174
U2 - 10.1109/SANER.2018.8330260
DO - 10.1109/SANER.2018.8330260
M3 - Conference contribution
AN - SCOPUS:85050915174
T3 - 25th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2018 - Proceedings
SP - 562
EP - 566
BT - 25th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2018 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 20 March 2018 through 23 March 2018
ER -