Directed fuzzing based on dynamic instrumentation (Sergey Asryan, ISPRASOPEN-2018)
From 0x1.tv
- Sergey Asryan
In this talk we present a new approach to directed fuzzing. It lets us generate input data that reaches specific instructions of the target program much faster. Conventional fuzzing tools randomly generate or mutate input data in order to increase overall code coverage, which is not effective when the goal is to analyse particular code regions.
The basic idea is to instrument the target program in such a way that the code fragments of interest are executed as soon as possible. To that end we find all paths in the program that connect the program's entry point to the instructions under consideration, and then apply two kinds of instrumentation. In the first, coverage-collection instructions are inserted only along the detected paths, so the fuzzing tool treats a generated or mutated input as effective only if it brings execution closer to the target points.
In the second, we additionally insert 'exit(0)' instructions into those basic blocks from which the target points are unreachable and whose execution therefore has no influence on reaching them. This allows the fuzzing speed to be increased many times over.
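The two instrumentation steps above amount to a reachability decision per basic block. As an added illustration (not code from the talk or its tool), the following computes that decision over a small constructed control-flow graph: blocks lying on an entry-to-target path get coverage instrumentation, executable blocks from which no target is reachable get an early `exit(0)`, and the graph, block names and entry label are all assumptions.

```python
from collections import deque

# Constructed control-flow graph (block -> successors); not from the talk.
CFG = {
    "entry":       ["parse", "usage"],
    "usage":       [],                      # prints help, never nears the target
    "parse":       ["check_magic", "reject"],
    "reject":      [],
    "check_magic": ["decode", "reject"],
    "decode":      ["target", "cleanup"],
    "target":      ["cleanup"],             # the instruction the fuzzer should reach
    "cleanup":     [],
}

def reachable(graph, start):
    """All nodes reachable from the nodes in `start` by BFS over `graph`."""
    seen, queue = set(start), deque(start)
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def reverse(graph):
    """Predecessor map, so reachability can be run backwards from the targets."""
    rev = {node: [] for node in graph}
    for node, succs in graph.items():
        for s in succs:
            rev.setdefault(s, []).append(node)
    return rev

def plan_instrumentation(cfg, entry, targets):
    """Return block -> 'coverage' | 'exit(0)' | 'none' following the two steps."""
    forward = reachable(cfg, [entry])            # blocks the program can execute
    backward = reachable(reverse(cfg), targets)  # blocks from which a target is reachable
    if entry not in backward:
        raise ValueError("no path from entry to any target; nothing to direct")
    plan = {}
    for block in cfg:
        if block in forward and block in backward:
            plan[block] = "coverage"  # on an entry->target path: feed coverage to the fuzzer
        elif block in forward:
            plan[block] = "exit(0)"   # executable but can never reach a target: stop early
        else:
            plan[block] = "none"      # dead code, never executed at all
    return plan

if __name__ == "__main__":
    for block, action in plan_instrumentation(CFG, "entry", {"target"}).items():
        print(f"{block:12s} {action}")
```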