TY - GEN
T1 - A QBDI-based fuzzer taming magic bytes
AU - Geretto, Elia
AU - Tessier, Cédric
AU - Massacci, Fabio
PY - 2019/2
Y1 - 2019/2
N2 - One of the major limitations of mutation-based grey-box fuzzers is that they struggle in accessing code protected by magic bytes comparisons, which are routinely employed by parsers. The best solution to this problem, the Steelix heuristic, proposes an implementation based on static binary instrumentation. This work demonstrates that, by using dynamic binary instrumentation instead, it is possible to obtain comparable performance and gain advantages in terms of precision and flexibility of the instrumentation. We have demonstrated the feasibility of this approach both on a standard academic benchmark, LAVA-M, and on real-life large-scale software, using the macOS framework ImageIO.
AB - One of the major limitations of mutation-based grey-box fuzzers is that they struggle in accessing code protected by magic bytes comparisons, which are routinely employed by parsers. The best solution to this problem, the Steelix heuristic, proposes an implementation based on static binary instrumentation. This work demonstrates that, by using dynamic binary instrumentation instead, it is possible to obtain comparable performance and gain advantages in terms of precision and flexibility of the instrumentation. We have demonstrated the feasibility of this approach both on a standard academic benchmark, LAVA-M, and on real-life large-scale software, using the macOS framework ImageIO.
KW - binary fuzzing
KW - binary instrumentation
KW - coverage-based fuzzing
M3 - Conference contribution
VL - 2315
T3 - CEUR Workshop Proceedings
BT - ITASEC 2019 - Proceedings of the 3rd Italian Conference on Cyber Security
A2 - Degano, P.
A2 - Zunino, R.
PB - CEUR-WS
CY - Pisa, Italy
T2 - 3rd Italian Conference on Cyber Security, ITASEC 2019
Y2 - 13 February 2019 through 15 February 2019
ER -