This event has already taken place.

Principled fuzzing driven by mathematics

Event: Principled fuzzing driven by mathematics
Event type: Meetup
Category: IT
Topic:
Date: 06.11.2019 (Wednesday)
Time: 18:30
Language: Polish, English
Price: Free
City:
Place: Wydział MIM Uniwersytetu Warszawskiego
Address: Banacha 2
Speakers:
Description:

We invite you to this year's first meeting of Warsaw C++ Users. This time we have a special guest: the presentation will be given by Prof. Hao Chen of ByteDance.


Title: Principled fuzzing driven by mathematics


Abstract: Fuzzing is a popular technique for finding software bugs. However, fuzzers based on random mutation have difficulty producing quality inputs. We propose a principled fuzzing framework driven by AI. Our goal is to increase branch coverage by solving path constraints without symbolic execution. To solve path constraints efficiently, we introduce several key techniques: scalable byte-level taint tracking, context-sensitive branch count, search based on gradient descent, and input length exploration. To overcome the challenges of solving path constraints involving deeply nested conditional statements, first we identify all the control flow-dependent conditional statements. Next, we select the taint flow-dependent conditional statements. Finally, we use three strategies to find an input that satisfies all conditional statements simultaneously. We compared our fuzzer with other state-of-the-art fuzzers on 13 open source programs, and our fuzzer achieved significantly higher cumulative line and branch coverage. We manually classified the crashes found by our fuzzer into 41 unique new bugs and obtained 12 CVEs.


The presentation will be accompanied by exotic refreshments prepared by ByteDance.


We meet in room 3180.
