Facilitating Parallel Fuzzing with Mutually-Exclusive Task Distribution

Yifan Wang, Yuchen Zhang, Chenbin Pang, Peng Li, Nikolaos Triandopoulos, Jun Xu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Scopus citations

Abstract

Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program with the goal of discovering un-handled exceptions and crashes. In business sectors where the time budget is limited, software vendors often launch many fuzzing instances in parallel as a common means of increasing code coverage. However, most of the popular fuzzing tools—in their parallel mode—naively run multiple instances concurrently, without elaborate distribution of workload. This can lead different instances to explore overlapped code regions, eventually reducing the benefits of concurrency. In this paper, we propose a general model to describe parallel fuzzing. This model distributes mutually-exclusive but similarly-weighted tasks to different instances, facilitating concurrency and also fairness across instances. Following this model, we develop a solution, called AFL-EDGE, to improve the parallel mode of AFL, considering a round of mutations to a unique seed as a task and adopting edge coverage to define the uniqueness of a seed. We have implemented AFL-EDGE on top of AFL and evaluated the implementation with AFL on 9 widely used benchmark programs. It shows that AFL-EDGE can benefit the edge coverage of AFL. In a 24-h test, the increase of edge coverage brought by AFL-EDGE to AFL ranges from 9.5% to 10.2%, depending on the number of instances. As a side benefit, we discovered 14 previously unknown bugs.

Original languageEnglish
Title of host publicationSecurity and Privacy in Communication Networks - 17th EAI International Conference, SecureComm 2021, Proceedings
EditorsJoaquin Garcia-Alfaro, Shujun Li, Radha Poovendran, Hervé Debar, Moti Yung
Pages185-206
Number of pages22
DOIs
StatePublished - 2021
Event17th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2021 - Virtual, Online
Duration: 6 Sep 20219 Sep 2021

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume399 LNICST
ISSN (Print)1867-8211
ISSN (Electronic)1867-822X

Conference

Conference17th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2021
CityVirtual, Online
Period6/09/219/09/21

Keywords

  • Parallel fuzzing
  • Performance
  • Software testing

Fingerprint

Dive into the research topics of 'Facilitating Parallel Fuzzing with Mutually-Exclusive Task Distribution'. Together they form a unique fingerprint.

Cite this