Jingwen Zhao, Yan Fu, Yanxia Wu, Jibin Dong, Ruize Hong
{"title":"针对并发错误检测的线程敏感模糊测试","authors":"Jingwen Zhao, Yan Fu, Yanxia Wu, Jibin Dong, Ruize Hong","doi":"10.1016/j.cose.2024.104171","DOIUrl":null,"url":null,"abstract":"<div><div>Fuzzing is a commonly used method for identifying bugs and vulnerabilities in software. However, current methods for improving fuzzing in concurrency environments often lack a detailed analysis of the program’s concurrent state space. This leads to inefficient execution of previously verified concurrent states and missed information. We have developed TSAFL, a novel concurrency fuzzing framework that aims to detect the running state of concurrency programs and uncover hard-to-find vulnerabilities. TSAFL builds upon AFL’s concurrency vulnerability detection capabilities by incorporating three new techniques. Firstly, we introduce two new coverage metrics to measure concurrency: concurrent behavior window and CFG prediction. These metrics enhance the TSAFL’s capabilities to explore more thread interleavings. The second technique adds efficient thread-interleaved scheduling to fuzzing combined with period scheduling. Several methods are proposed to avoid problems caused by simply using period scheduling to accurately detect and verify all concurrent state spaces. Thirdly, we propose a multi-objective optimization mechanism based on the characteristics of concurrent fuzz testing to fully utilize the information in the seed files. Using these three techniques, our concurrency fuzzing approach effectively covers infrequent thread interleavings with concrete context information. We evaluated TSAFL on user-level applications, and experiments show that TSAFL outperforms AFL++ and MOPT in multithreading-related seed generation and concurrent vulnerability detection.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104171"},"PeriodicalIF":4.8000,"publicationDate":"2024-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Thread-sensitive fuzzing for concurrency bug detection\",\"authors\":\"Jingwen Zhao, Yan Fu, Yanxia Wu, Jibin Dong, Ruize Hong\",\"doi\":\"10.1016/j.cose.2024.104171\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Fuzzing is a commonly used method for identifying bugs and vulnerabilities in software. However, current methods for improving fuzzing in concurrency environments often lack a detailed analysis of the program’s concurrent state space. This leads to inefficient execution of previously verified concurrent states and missed information. We have developed TSAFL, a novel concurrency fuzzing framework that aims to detect the running state of concurrency programs and uncover hard-to-find vulnerabilities. TSAFL builds upon AFL’s concurrency vulnerability detection capabilities by incorporating three new techniques. Firstly, we introduce two new coverage metrics to measure concurrency: concurrent behavior window and CFG prediction. These metrics enhance the TSAFL’s capabilities to explore more thread interleavings. The second technique adds efficient thread-interleaved scheduling to fuzzing combined with period scheduling. Several methods are proposed to avoid problems caused by simply using period scheduling to accurately detect and verify all concurrent state spaces. Thirdly, we propose a multi-objective optimization mechanism based on the characteristics of concurrent fuzz testing to fully utilize the information in the seed files. Using these three techniques, our concurrency fuzzing approach effectively covers infrequent thread interleavings with concrete context information. We evaluated TSAFL on user-level applications, and experiments show that TSAFL outperforms AFL++ and MOPT in multithreading-related seed generation and concurrent vulnerability detection.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"148 \",\"pages\":\"Article 104171\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824004760\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004760","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Thread-sensitive fuzzing for concurrency bug detection
Fuzzing is a commonly used method for identifying bugs and vulnerabilities in software. However, current methods for improving fuzzing in concurrency environments often lack a detailed analysis of the program’s concurrent state space. This leads to inefficient execution of previously verified concurrent states and missed information. We have developed TSAFL, a novel concurrency fuzzing framework that aims to detect the running state of concurrency programs and uncover hard-to-find vulnerabilities. TSAFL builds upon AFL’s concurrency vulnerability detection capabilities by incorporating three new techniques. Firstly, we introduce two new coverage metrics to measure concurrency: concurrent behavior window and CFG prediction. These metrics enhance the TSAFL’s capabilities to explore more thread interleavings. The second technique adds efficient thread-interleaved scheduling to fuzzing combined with period scheduling. Several methods are proposed to avoid problems caused by simply using period scheduling to accurately detect and verify all concurrent state spaces. Thirdly, we propose a multi-objective optimization mechanism based on the characteristics of concurrent fuzz testing to fully utilize the information in the seed files. Using these three techniques, our concurrency fuzzing approach effectively covers infrequent thread interleavings with concrete context information. We evaluated TSAFL on user-level applications, and experiments show that TSAFL outperforms AFL++ and MOPT in multithreading-related seed generation and concurrent vulnerability detection.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.