Computer Science ›› 2025, Vol. 52 ›› Issue (11): 382-389.doi: 10.11896/jsjkx.241000003

• Information Security •

Dynamic Analysis Based Fuzz Testing for Memory Safety Vulnerabilities

YIN Jiale1, CHEN Zhe1,2   

  1 College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China
  2 Collaborative Innovation Center of Novel Software Technology and Industrialization, Nanjing 211106, China
  • Received: 2024-10-08  Revised: 2024-12-13  Online: 2025-11-15  Published: 2025-11-06
  • About author: YIN Jiale, born in 1999, postgraduate. His main research interest is verification of software.
    CHEN Zhe, born in 1981, professor, is a member of CCF (No. 22234M). His main research interests include verification of software, software engineering and network security.
  • Supported by:
    National Natural Science Foundation of China (62172217), Joint Research Funds of National Natural Science Foundation of China and Civil Aviation Administration of China (U1533130) and CCF-Huawei Populus Euphratica Fund Formalization Project.

Abstract: Systems written in C often contain latent memory-safety vulnerabilities. Fuzz testing combined with dynamic analysis tools can uncover such vulnerabilities, but the combination introduces significant performance overhead. Moreover, current popular fuzzing methods concentrate on improving overall code coverage, whereas efficiently triggering memory vulnerabilities in code that is already covered is an equally important capability. To this end, the dynamic analysis tool Movec is improved and combined with AFL; the central innovation is the use of pointer metadata to guide fuzzing toward efficient memory-vulnerability detection. The core steps are as follows. First, pointer metadata is managed with a source-level hash table and a secondary tree, reducing the page faults caused by combining fuzzing with dynamic analysis. Second, coverage instrumentation of the dynamic-analysis code is removed at the assembly level, so that redundant instrumentation no longer distorts the coverage calculation. Third, two indicators, the minimum pointer-to-boundary distance and the peak memory allocation, are added to guide fuzzing toward buffer overflows and memory-allocation-failure vulnerabilities. Finally, the seed-queue filtering logic is optimized to keep the queue small and to prioritize seeds related to memory vulnerabilities. Experiments on programs with known CVEs show that the execution throughput of Movec combined with AFL is 54% of native, whereas ASan and MSan reach only 10% and 4%, respectively. Compared with state-of-the-art fuzzers, the approach uncovers memory vulnerabilities in less time, reducing time-to-detection by an average of 48.4%.
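As an added illustration (not code from the paper, from Movec or from AFL), the following C program sketches how the two feedback indicators named in the abstract, the minimum pointer-to-boundary distance and the allocation peak, can be computed from per-object pointer metadata during a single execution and then used to decide whether an input deserves a place in the seed queue even when it adds no coverage. The metadata layout (a base/size record kept beside each tracked object rather than in a hash table), the `tracked_malloc`, `check_access`, `run_target`, `fuzz_one` and `is_interesting` functions, and the 16-byte target with its deliberately loose length check are all constructed for this example; Movec's real metadata structures, its AFL integration and its queue logic are not shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative pointer metadata (an assumption of this example): each tracked
 * object carries its base address and size. Movec keeps such records in a
 * source-level hash table; here a plain struct beside the pointer suffices. */
typedef struct {
    char  *base;
    size_t size;
} obj_meta;

/* Per-execution feedback a fuzzer would read back from the target in addition
 * to coverage: the two indicators named in the abstract plus failure flags. */
typedef struct {
    size_t min_boundary_distance; /* smallest slack between an access end and the object end */
    size_t peak_alloc;            /* high-water mark of live tracked heap bytes */
    int    overflow;              /* 1 once an access crosses an object boundary */
    int    alloc_failed;          /* 1 once a tracked allocation returns NULL */
} fuzz_feedback;

static fuzz_feedback fb;
static size_t live_bytes;

static void feedback_reset(void) {
    memset(&fb, 0, sizeof fb);
    fb.min_boundary_distance = SIZE_MAX; /* no access observed yet */
    live_bytes = 0;
}

/* Tracked malloc: records the object's bounds in *m and updates the peak. */
static void *tracked_malloc(size_t n, obj_meta *m) {
    char *p = malloc(n);
    if (!p) { fb.alloc_failed = 1; return NULL; }
    m->base = p;
    m->size = n;
    live_bytes += n;
    if (live_bytes > fb.peak_alloc) fb.peak_alloc = live_bytes;
    return p;
}

static void tracked_free(void *p, const obj_meta *m) {
    live_bytes -= m->size;
    free(p);
}

/* Bounds check for an access of len bytes at byte offset off into *m.
 * Returns 1 if in bounds (recording how close it came to the boundary),
 * 0 if it would overflow. Guarded subtractions keep the check itself from
 * wrapping on large off/len values. */
static int check_access(const obj_meta *m, size_t off, size_t len) {
    if (off > m->size || len > m->size - off) { fb.overflow = 1; return 0; }
    size_t slack = m->size - off - len;
    if (slack < fb.min_boundary_distance) fb.min_boundary_distance = slack;
    return 1;
}

/* Constructed target (not from the paper): copies a length-prefixed record
 * into a 16-byte buffer. Its length check is deliberately loose (accepts up
 * to 32 bytes), so counts 17..32 are the overflowing inputs to be found. */
#define BUF_SZ 16
static fuzz_feedback run_target(const unsigned char *in, size_t n) {
    feedback_reset();
    if (n < 1) return fb;
    size_t count = in[0];
    if (count > 32 || count > n - 1) return fb;  /* bug: should be count > BUF_SZ */
    obj_meta m;
    char *buf = tracked_malloc(BUF_SZ, &m);
    if (!buf) return fb;
    if (check_access(&m, 0, count))               /* the instrumented access */
        memcpy(buf, in + 1, count);
    tracked_free(buf, &m);
    return fb;
}

/* Builds a constructed 40-byte input whose first byte is count and runs it. */
static fuzz_feedback fuzz_one(unsigned char count) {
    unsigned char in[40];
    memset(in, 'A', sizeof in);
    in[0] = count;
    return run_target(in, sizeof in);
}

/* Seed-ranking rule sketched by the abstract: keep an input that moves an
 * access closer to a boundary or raises the allocation peak, even if it adds
 * no new coverage; overflows and allocation failures are always kept. */
static int is_interesting(const fuzz_feedback *cand, const fuzz_feedback *best) {
    if (cand->overflow || cand->alloc_failed) return 1;
    return cand->min_boundary_distance < best->min_boundary_distance
        || cand->peak_alloc > best->peak_alloc;
}

int main(void) {
    unsigned char counts[] = {4, 15, 16, 20};
    fuzz_feedback best = fuzz_one(4);
    for (size_t i = 0; i < sizeof counts; i++) {
        fuzz_feedback f = fuzz_one(counts[i]);
        printf("count=%2u  distance=%zu  peak=%zu  overflow=%d  interesting=%d\n",
               (unsigned)counts[i], f.overflow ? (size_t)0 : f.min_boundary_distance,
               f.peak_alloc, f.overflow, is_interesting(&f, &best));
    }
    return 0;
}
```

With the count-4 run as the current best, the count-15 input is kept because its copy ends one byte short of the buffer end, and count 20 is kept because it overflows; a real fuzzer would track the best distance per covered path rather than against one global baseline, which is the queue-filtering detail the abstract refers to.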

Key words: Memory safety, Dynamic analysis, Fuzzing, Source-level instrumentation

CLC Number: TP311