Skip to Main content Skip to Navigation
Theses

Binary-level directed fuzzing for complex vulnerabilities

Abstract : Fuzzing is a popular security testing technique consisting in generating massive amount of random inputs, very effective in triggering bugs in real-world programs. Although recent research made a lot of progress in solving fuzzing problems such as magic numbers and highly structured inputs, detecting complex vulnerabilities is still hard for current feedback-driven fuzzers, even in case where the targets are known (directed fuzzing). In this thesis, we consider the problem of guiding fuzzing to detect complex vulnerabilities such as Use-After-Free (UAF), as bug-triggering paths must satisfy specific properties of those bug classes. UAF is currently identified as one of the most critial exploitable vulnerabilities and has serious consequences such as data corruption and information leaks. Firstly, we provide a detailed survey on Directed Greybox Fuzzing, which is the core technique of this thesis, aiming to perform stress testing on predefined targets like recent code changes or vulnerable functions. Secondly, we propose new directed fuzzing techniques tailored to detecting UAF vulnerabilities in binary code that we have proven effective and efficient inboth bug reproduction and patch testing. Thirdly, we show that our directed techniques can be fruitfully generalized to other typestate bugs like buffer overflows. Finally, our proposed techniques have been implemented in the open-source tools Binsec/UAFuzz and Binsec/TypeFuzz, helping to find security vulnerabilities in real-world programs (39 new bugs, 17 CVEs were assigned and 30 bugs were fixed).
Complete list of metadata

https://tel.archives-ouvertes.fr/tel-03238343
Contributor : Abes Star :  Contact
Submitted on : Friday, July 23, 2021 - 2:48:10 PM
Last modification on : Thursday, October 21, 2021 - 3:46:00 AM

File

NGUYEN_2021_archivage.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-03238343, version 2

Collections

Citation

Manh-Dung Nguyen. Binary-level directed fuzzing for complex vulnerabilities. Software Engineering [cs.SE]. Université Grenoble Alpes [2020-..], 2021. English. ⟨NNT : 2021GRALM005⟩. ⟨tel-03238343v2⟩

Share

Metrics

Record views

168

Files downloads

423