TY - GEN
T1 - Facilitating Parallel Fuzzing with Mutually-Exclusive Task Distribution
AU - Wang, Yifan
AU - Zhang, Yuchen
AU - Pang, Chenbin
AU - Li, Peng
AU - Triandopoulos, Nikolaos
AU - Xu, Jun
N1 - Publisher Copyright:
© 2021, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.
PY - 2021
Y1 - 2021
N2 - Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program with the goal of discovering un-handled exceptions and crashes. In business sectors where the time budget is limited, software vendors often launch many fuzzing instances in parallel as a common means of increasing code coverage. However, most of the popular fuzzing tools—in their parallel mode—naively run multiple instances concurrently, without elaborate distribution of workload. This can lead different instances to explore overlapped code regions, eventually reducing the benefits of concurrency. In this paper, we propose a general model to describe parallel fuzzing. This model distributes mutually-exclusive but similarly-weighted tasks to different instances, facilitating concurrency and also fairness across instances. Following this model, we develop a solution, called AFL-EDGE, to improve the parallel mode of AFL, considering a round of mutations to a unique seed as a task and adopting edge coverage to define the uniqueness of a seed. We have implemented AFL-EDGE on top of AFL and evaluated the implementation with AFL on 9 widely used benchmark programs. It shows that AFL-EDGE can benefit the edge coverage of AFL. In a 24-h test, the increase of edge coverage brought by AFL-EDGE to AFL ranges from 9.5% to 10.2%, depending on the number of instances. As a side benefit, we discovered 14 previously unknown bugs.
KW - Parallel fuzzing
KW - Performance
KW - Software testing
UR - http://www.scopus.com/inward/record.url?scp=85120069307&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85120069307&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-90022-9_10
DO - 10.1007/978-3-030-90022-9_10
M3 - Conference contribution
AN - SCOPUS:85120069307
SN - 9783030900212
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 185
EP - 206
BT - Security and Privacy in Communication Networks - 17th EAI International Conference, SecureComm 2021, Proceedings
A2 - Garcia-Alfaro, Joaquin
A2 - Li, Shujun
A2 - Poovendran, Radha
A2 - Debar, Hervé
A2 - Yung, Moti
T2 - 17th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2021
Y2 - 6 September 2021 through 9 September 2021
ER -