Loading…

Towards systematic and dynamic task allocation for collaborative parallel fuzzing

Parallel coverage-guided greybox fuzzing is the most common setup for vulnerability discovery at scale. However, so far it has received little attention from the research community compared to single-mode fuzzing, leaving open several problems particularly in its task allocation strategies. Current...

Full description

Saved in:

Bibliographic Details
Main Authors:	Pham, Van-Thuan, Nguyen, Manh-Dung, Ta, Quang-Trung, Murray, Toby, Rubinstein, Benjamin I. P.
Format:	Conference Proceeding
Language:	English
Subjects:	Codes Computer bugs Dynamic scheduling Fuzzing Heuristic algorithms Parallel Fuzzing Partitioning algorithms Software and its engineering Software and its engineering > Software creation and management Software and its engineering > Software creation and management > Software verification and validation Software and its engineering > Software creation and management > Software verification and validation > Software defect analysis Software and its engineering > Software creation and management > Software verification and validation > Software defect analysis > Software testing and debugging Systematics Vulnerability Discovery
Online Access:	Request full text
Tags:	Add Tag No Tags, Be the first to tag this record!

cited_by
cites
container_end_page	1341
container_issue
container_start_page	1337
container_title
container_volume
creator	Pham, Van-Thuan Nguyen, Manh-Dung Ta, Quang-Trung Murray, Toby Rubinstein, Benjamin I. P.
description	Parallel coverage-guided greybox fuzzing is the most common setup for vulnerability discovery at scale. However, so far it has received little attention from the research community compared to single-mode fuzzing, leaving open several problems particularly in its task allocation strategies. Current approaches focus on managing micro tasks, at the seed input level, and their task division algorithms are either ad-hoc or static. In this paper, we leverage research on graph partitioning and search algorithms to propose a systematic and dynamic task allocation solution that works at the macro-task level. First, we design an attributed graph to capture both the program structures (e.g., program call graph) and fuzzing information (e.g., branch hit counts, bug discovery probability). Second, our graph partitioning algorithm divides the global program search space into sub-search-spaces. Finally our search algorithm prioritizes these sub-search-spaces (i.e., tasks) and explores them to maximize code coverage and number of bugs found. The results are collected to update the graph and guide further iterations of partitioning and exploration. We implemented a prototype tool called AFLTeam. In our preliminary experiments on well-tested benchmarks, AFLTeam achieved higher code coverage (up to 16.4% branch coverage improvement) compared to the default parallel mode of AFL and discovered 2 zero-day bugs in FFmpeg and JasPer toolkits.
doi_str_mv	10.1109/ASE51524.2021.9678810
format	conference_proceeding
fullrecord	<record><control><sourceid>acm_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_9678810</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9678810</ieee_id><sourcerecordid>acm_books_10_1109_ASE51524_2021_9678810</sourcerecordid><originalsourceid>FETCH-LOGICAL-a287t-188950272d446a2b1cf1a5822550e477359e61f0363a247a1b1780698552a8f63</originalsourceid><addsrcrecordid>eNqVkNtKw0AQQFdFsNZ-gQj7A4k7e89jKfUCgoj1eZkkGwlNsiUblfbrTWkLvvo0wxzOPBxC7oClACy7n78vFSguU844pJk21gI7I9egtZJMCCPOyYRrKRJQhl_8BVdkFmOdM2mtlCbTE_K2Cj_Yl5HGbRx8i0NdUOxKWm47bMd9wLim2DShGFHoaBV6WoSmwTz04-Xb0w32I_cNrb52u7r7vCGXFTbRz45zSj4elqvFU_Ly-vi8mL8kyK0ZErA2U4wbXkqpkedQVIDKcq4U89IYoTKvoWJCC-TSIORgLNOZVYqjrbSYktvD39p77zZ93WK_dcccI5UHikXr8hDW0QFz-37u1M_t-50El_e1r0Yt_ZcmfgGg2234</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Towards systematic and dynamic task allocation for collaborative parallel fuzzing</title><source>IEEE Xplore All Conference Series</source><creator>Pham, Van-Thuan ; Nguyen, Manh-Dung ; Ta, Quang-Trung ; Murray, Toby ; Rubinstein, Benjamin I. P.</creator><creatorcontrib>Pham, Van-Thuan ; Nguyen, Manh-Dung ; Ta, Quang-Trung ; Murray, Toby ; Rubinstein, Benjamin I. P.</creatorcontrib><description>Parallel coverage-guided greybox fuzzing is the most common setup for vulnerability discovery at scale. However, so far it has received little attention from the research community compared to single-mode fuzzing, leaving open several problems particularly in its task allocation strategies. Current approaches focus on managing micro tasks, at the seed input level, and their task division algorithms are either ad-hoc or static. In this paper, we leverage research on graph partitioning and search algorithms to propose a systematic and dynamic task allocation solution that works at the macro-task level. First, we design an attributed graph to capture both the program structures (e.g., program call graph) and fuzzing information (e.g., branch hit counts, bug discovery probability). Second, our graph partitioning algorithm divides the global program search space into sub-search-spaces. Finally our search algorithm prioritizes these sub-search-spaces (i.e., tasks) and explores them to maximize code coverage and number of bugs found. The results are collected to update the graph and guide further iterations of partitioning and exploration. We implemented a prototype tool called AFLTeam. In our preliminary experiments on well-tested benchmarks, AFLTeam achieved higher code coverage (up to 16.4% branch coverage improvement) compared to the default parallel mode of AFL and discovered 2 zero-day bugs in FFmpeg and JasPer toolkits.</description><identifier>ISBN: 1665403373</identifier><identifier>ISBN: 9781665403375</identifier><identifier>EISSN: 2643-1572</identifier><identifier>EISBN: 1665403373</identifier><identifier>EISBN: 9781665403375</identifier><identifier>DOI: 10.1109/ASE51524.2021.9678810</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>Piscataway, NJ, USA: IEEE Press</publisher><subject>Codes ; Computer bugs ; Dynamic scheduling ; Fuzzing ; Heuristic algorithms ; Parallel Fuzzing ; Partitioning algorithms ; Software and its engineering ; Software and its engineering -- Software creation and management ; Software and its engineering -- Software creation and management -- Software verification and validation ; Software and its engineering -- Software creation and management -- Software verification and validation -- Software defect analysis ; Software and its engineering -- Software creation and management -- Software verification and validation -- Software defect analysis -- Software testing and debugging ; Systematics ; Vulnerability Discovery</subject><ispartof>2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2021, p.1337-1341</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9678810$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,23930,23931,25140,27925,54555,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/9678810$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Pham, Van-Thuan</creatorcontrib><creatorcontrib>Nguyen, Manh-Dung</creatorcontrib><creatorcontrib>Ta, Quang-Trung</creatorcontrib><creatorcontrib>Murray, Toby</creatorcontrib><creatorcontrib>Rubinstein, Benjamin I. P.</creatorcontrib><title>Towards systematic and dynamic task allocation for collaborative parallel fuzzing</title><title>2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE)</title><addtitle>ASE</addtitle><description>Parallel coverage-guided greybox fuzzing is the most common setup for vulnerability discovery at scale. However, so far it has received little attention from the research community compared to single-mode fuzzing, leaving open several problems particularly in its task allocation strategies. Current approaches focus on managing micro tasks, at the seed input level, and their task division algorithms are either ad-hoc or static. In this paper, we leverage research on graph partitioning and search algorithms to propose a systematic and dynamic task allocation solution that works at the macro-task level. First, we design an attributed graph to capture both the program structures (e.g., program call graph) and fuzzing information (e.g., branch hit counts, bug discovery probability). Second, our graph partitioning algorithm divides the global program search space into sub-search-spaces. Finally our search algorithm prioritizes these sub-search-spaces (i.e., tasks) and explores them to maximize code coverage and number of bugs found. The results are collected to update the graph and guide further iterations of partitioning and exploration. We implemented a prototype tool called AFLTeam. In our preliminary experiments on well-tested benchmarks, AFLTeam achieved higher code coverage (up to 16.4% branch coverage improvement) compared to the default parallel mode of AFL and discovered 2 zero-day bugs in FFmpeg and JasPer toolkits.</description><subject>Codes</subject><subject>Computer bugs</subject><subject>Dynamic scheduling</subject><subject>Fuzzing</subject><subject>Heuristic algorithms</subject><subject>Parallel Fuzzing</subject><subject>Partitioning algorithms</subject><subject>Software and its engineering</subject><subject>Software and its engineering -- Software creation and management</subject><subject>Software and its engineering -- Software creation and management -- Software verification and validation</subject><subject>Software and its engineering -- Software creation and management -- Software verification and validation -- Software defect analysis</subject><subject>Software and its engineering -- Software creation and management -- Software verification and validation -- Software defect analysis -- Software testing and debugging</subject><subject>Systematics</subject><subject>Vulnerability Discovery</subject><issn>2643-1572</issn><isbn>1665403373</isbn><isbn>9781665403375</isbn><isbn>1665403373</isbn><isbn>9781665403375</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2021</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNqVkNtKw0AQQFdFsNZ-gQj7A4k7e89jKfUCgoj1eZkkGwlNsiUblfbrTWkLvvo0wxzOPBxC7oClACy7n78vFSguU844pJk21gI7I9egtZJMCCPOyYRrKRJQhl_8BVdkFmOdM2mtlCbTE_K2Cj_Yl5HGbRx8i0NdUOxKWm47bMd9wLim2DShGFHoaBV6WoSmwTz04-Xb0w32I_cNrb52u7r7vCGXFTbRz45zSj4elqvFU_Ly-vi8mL8kyK0ZErA2U4wbXkqpkedQVIDKcq4U89IYoTKvoWJCC-TSIORgLNOZVYqjrbSYktvD39p77zZ93WK_dcccI5UHikXr8hDW0QFz-37u1M_t-50El_e1r0Yt_ZcmfgGg2234</recordid><startdate>20211115</startdate><enddate>20211115</enddate><creator>Pham, Van-Thuan</creator><creator>Nguyen, Manh-Dung</creator><creator>Ta, Quang-Trung</creator><creator>Murray, Toby</creator><creator>Rubinstein, Benjamin I. P.</creator><general>IEEE Press</general><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>20211115</creationdate><title>Towards systematic and dynamic task allocation for collaborative parallel fuzzing</title><author>Pham, Van-Thuan ; Nguyen, Manh-Dung ; Ta, Quang-Trung ; Murray, Toby ; Rubinstein, Benjamin I. P.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a287t-188950272d446a2b1cf1a5822550e477359e61f0363a247a1b1780698552a8f63</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Codes</topic><topic>Computer bugs</topic><topic>Dynamic scheduling</topic><topic>Fuzzing</topic><topic>Heuristic algorithms</topic><topic>Parallel Fuzzing</topic><topic>Partitioning algorithms</topic><topic>Software and its engineering</topic><topic>Software and its engineering -- Software creation and management</topic><topic>Software and its engineering -- Software creation and management -- Software verification and validation</topic><topic>Software and its engineering -- Software creation and management -- Software verification and validation -- Software defect analysis</topic><topic>Software and its engineering -- Software creation and management -- Software verification and validation -- Software defect analysis -- Software testing and debugging</topic><topic>Systematics</topic><topic>Vulnerability Discovery</topic><toplevel>online_resources</toplevel><creatorcontrib>Pham, Van-Thuan</creatorcontrib><creatorcontrib>Nguyen, Manh-Dung</creatorcontrib><creatorcontrib>Ta, Quang-Trung</creatorcontrib><creatorcontrib>Murray, Toby</creatorcontrib><creatorcontrib>Rubinstein, Benjamin I. P.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library Online</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Pham, Van-Thuan</au><au>Nguyen, Manh-Dung</au><au>Ta, Quang-Trung</au><au>Murray, Toby</au><au>Rubinstein, Benjamin I. P.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Towards systematic and dynamic task allocation for collaborative parallel fuzzing</atitle><btitle>2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE)</btitle><stitle>ASE</stitle><date>2021-11-15</date><risdate>2021</risdate><spage>1337</spage><epage>1341</epage><pages>1337-1341</pages><eissn>2643-1572</eissn><isbn>1665403373</isbn><isbn>9781665403375</isbn><eisbn>1665403373</eisbn><eisbn>9781665403375</eisbn><coden>IEEPAD</coden><abstract>Parallel coverage-guided greybox fuzzing is the most common setup for vulnerability discovery at scale. However, so far it has received little attention from the research community compared to single-mode fuzzing, leaving open several problems particularly in its task allocation strategies. Current approaches focus on managing micro tasks, at the seed input level, and their task division algorithms are either ad-hoc or static. In this paper, we leverage research on graph partitioning and search algorithms to propose a systematic and dynamic task allocation solution that works at the macro-task level. First, we design an attributed graph to capture both the program structures (e.g., program call graph) and fuzzing information (e.g., branch hit counts, bug discovery probability). Second, our graph partitioning algorithm divides the global program search space into sub-search-spaces. Finally our search algorithm prioritizes these sub-search-spaces (i.e., tasks) and explores them to maximize code coverage and number of bugs found. The results are collected to update the graph and guide further iterations of partitioning and exploration. We implemented a prototype tool called AFLTeam. In our preliminary experiments on well-tested benchmarks, AFLTeam achieved higher code coverage (up to 16.4% branch coverage improvement) compared to the default parallel mode of AFL and discovered 2 zero-day bugs in FFmpeg and JasPer toolkits.</abstract><cop>Piscataway, NJ, USA</cop><pub>IEEE Press</pub><doi>10.1109/ASE51524.2021.9678810</doi><tpages>5</tpages></addata></record>
fulltext	fulltext_linktorsrc
identifier	ISBN: 1665403373
ispartof	2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2021, p.1337-1341
issn	2643-1572
language	eng
recordid	cdi_ieee_primary_9678810
source	IEEE Xplore All Conference Series
subjects	Codes Computer bugs Dynamic scheduling Fuzzing Heuristic algorithms Parallel Fuzzing Partitioning algorithms Software and its engineering Software and its engineering -- Software creation and management Software and its engineering -- Software creation and management -- Software verification and validation Software and its engineering -- Software creation and management -- Software verification and validation -- Software defect analysis Software and its engineering -- Software creation and management -- Software verification and validation -- Software defect analysis -- Software testing and debugging Systematics Vulnerability Discovery
title	Towards systematic and dynamic task allocation for collaborative parallel fuzzing
url	http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-22T22%3A03%3A48IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Towards%20systematic%20and%20dynamic%20task%20allocation%20for%20collaborative%20parallel%20fuzzing&rft.btitle=2021%2036th%20IEEE/ACM%20International%20Conference%20on%20Automated%20Software%20Engineering%20(ASE)&rft.au=Pham,%20Van-Thuan&rft.date=2021-11-15&rft.spage=1337&rft.epage=1341&rft.pages=1337-1341&rft.eissn=2643-1572&rft.isbn=1665403373&rft.isbn_list=9781665403375&rft.coden=IEEPAD&rft_id=info:doi/10.1109/ASE51524.2021.9678810&rft.eisbn=1665403373&rft.eisbn_list=9781665403375&rft_dat=%3Cacm_CHZPO%3Eacm_books_10_1109_ASE51524_2021_9678810%3C/acm_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a287t-188950272d446a2b1cf1a5822550e477359e61f0363a247a1b1780698552a8f63%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=9678810&rfr_iscdi=true