A Smart Fuzzing Approach for Integer Overflow Detection

Jun Cai, Peng Zou, Jun He, Jinxin Ma


Fuzzing is one of the most commonly used methods to detect software vulnerabilities, a major cause of information security incidents. Although it has advantages of simple design and low error report, its efficiency is usually poor. In this paper we present a smart fuzzing approach for integer overflow detection and a tool, SwordFuzzer, which implements this approach. Unlike standard fuzzing techniques, which randomly change parts of the input file with no information about the underlying syntactic structure of the file, SwordFuzzer uses online dynamic taint analysis to identify which bytes in the input file are used in security sensitive operations and then focuses on mutating such bytes. Thus, the generated inputs are more likely to trigger potential vulnerabilities. We evaluated SwordFuzzer with an example program and a number of real-world applications. The experimental results show that SwordFuzzer can accurately locate the key bytes of the input file and dramatically improve the effectiveness of fuzzing in detecting real-world vulnerabilities.


Information Security; Vulnerability Detection; Dynamic Taint Analysis; Smart Fuzzing


OWASP, Category:Vulnerability [Online]. Available: https://www.owasp.org/index.php/Category:Vulnerability

NIST, National Vulnerability Database [Online]. Available: http://web.nvd.nist.gov/view/vuln/search-advanced

C. Cadar, D. Dunbar, and D. Engler, "Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs," in USENIX Symposium on Operating Systems Design and Implementation (OSDI'08), San Diego, CA, 2008, pp. 209-224.

P. Godefroid, M. Levin, and D. Molnar, "Automated whitebox fuzz testing," in Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008, pp. 151-166.

V. Ganesh, T. Leek, and M. Rinard, "Taint-based directed whitebox fuzzing", in Proceedings of the IEEE 31st International Conference on Software Enineering (ICSE'09), May 16-24, 2009, Vancouver, Canada, pp. 474-484.

T. Wang, T. Wei, Z. Lin, and W. Zou, "IntScope: automatically detecting integer overflow vulnerability in X86 binary using symbolic execution", in Proceedings of the 16th Network and Distributed System Security Symposium (NDSS'09), San Diego, CA, February 2009.

OWASP, Integer Overflow [Online]. Available: https://www.owasp.org/index.php/Integer_overflow

J. Newsome and D. Song, "Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity

software," in Proceedings of the Network and Distributed System Security Symposium (NDSS 2005).

J. Clause, W. Li, and A. Orso, "Dytan: a generic dynamic taint analysis framework", in Proceedings of the 2007 International Symposium on Software Testing and Analysis (ISSTA'07), ACM, July 9-12, 2007, London, England, United Kingdom, pp. 196-206.

E. J. Schwartz, T. Avgerinos, and D. Brumley, "All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)", in the Proceedings of the 2010 IEEE Symposium on Security and Privacy, May 2010, pp. 317-331.

E. Bosman, A. Slowinska, and H. Bos, "Minemu: the world's fastest taint tracker," in Proceedings of the 14th International Conference on Recent advances in Intrusion Detection (RAID'11), 2011, pp. 1-20.

V. P. Kemerlis, G. Portokalidis, K. Jee, and A. D. Keromytis, "libdft: practical dynamic data flow tracking for commodity systems," in VEE'12, March 3-4, 2012, London, England, UK.

M. Sutton, A. Greene, and P. Amini, Fuzzing: Brute Force Vulnerability Discovery, Addison-Wesley Professional, United States, 2007.

A. Takanen. (2009). Fuzzing: the past, the present and the future, [Online]. Available: http://actes.sstic.org/SSTIC09/Fuzzing-the_Past-the_Present_and_the_Future/SSTIC09-article-A-Takanen-Fuzzing-the_Past-the_Present_and_the_Future.pdf

B. S. Pak, "Hybrid Fuzz Testing: Discovering Software Bugs via Fuzzing and Symbolic Execution", School of Computer Science Carnegie Mellon University, May 2012.

S. Rawat and L. Mounier, "Offset-aware mutation based fuzzing for buffer overflow vulnerabilities: few preliminary results", in Proceedings of the 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), pp. 531-533.

S. Bekrar, C. Bekrar, R. Groz, and L. Mounier, "Finding software vulnerabilities by smart fuzzing," in Proceedings of the 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation, (ICST), 2011, pp. 427-430.

S. Bekrar, C. Bekrar, R. Groz, and L. Mounier, "A taint based approach for smart fuzzing," in Proceedings of the 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation (ICST), 2012, pp. 818-825.

Caca labs, Zzuf - Multi-purpose fuzzer [Online]. Available:. http://caca.zoy.org/wiki/zzuf

A pure-python fully automated and unattended fuzzing framework [Online]. Available: https://github.com/OpenRCE/sulley

M. Eddington, Peach fuzzer [Online]. Available: http://peachfuzzer.com/

Sogeti ESEC Lab, Fuzzgrind [Online]. Available: http://esec-lab.sogeti.com/pages/Fuzzgrind

T. Wang, T. Wei, G. Gu, W. Zou, "Checksum-aware fuzzing combined with dynamic taint analysis and symbolic execution", ACM Transactions on Information and System Security, vol. 14, no.2, article 15, September 2011.

Intel, Pin - A Dynamic Binary Instrumentation Tool [Online]. Available: https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool

NIST, CVE-2007-4938 [Online]. Available: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4938

Offensive Security, The Exploit Database [Online]. Available: http://www.exploit-db.com/

Full Text: PDF


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

IT in Innovation IT in Business IT in Engineering IT in Health IT in Science IT in Design IT in Fashion

IT in Industry (2012 - ) http://www.it-in-industry.com ISSN (Online): 2203-1731; ISSN (Print): 2204-0595