TY - GEN
T1 - µFUZZ
T2 - 32nd USENIX Security Symposium, USENIX Security 2023
AU - Chen, Yongheng
AU - Zhong, Rui
AU - Yang, Yupeng
AU - Hu, Hong
AU - Wu, Dinghao
AU - Lee, Wenke
N1 - Publisher Copyright:
© 2023 32nd USENIX Security Symposium, USENIX Security 2023. All rights reserved.
PY - 2023
Y1 - 2023
AB - Fuzzing has been widely adopted as an effective testing technique for detecting software bugs. Researchers have explored many parallel fuzzing approaches to speed up bug detection. However, existing approaches are built on top of serial fuzzers and rely on periodic fuzzing state synchronization. Such a design has two limitations. First, the synchronous serial design of the fuzzer might waste CPU power due to blocking I/O operations. Second, state synchronization is either too late, so that we fuzz with a suboptimal strategy, or too frequent, so that it causes enormous overhead. In this paper, we redesign parallel fuzzing with a microservice architecture and propose the prototype µFUZZ. To better utilize CPU power in the presence of I/O, µFUZZ breaks down the synchronous fuzzing loops into concurrent microservices, each with multiple workers. To avoid state synchronization, µFUZZ partitions the state across different services and their workers so that they can work independently but still achieve a strong aggregated result. Our experiments show that µFUZZ outperforms the second-best existing fuzzers with 24% improvements in code coverage and 33% improvements in bug detection on average in 24 hours. Besides, µFUZZ finds 11 new bugs in well-tested real-world programs.
UR - http://www.scopus.com/inward/record.url?scp=85175944499&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85175944499&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85175944499
T3 - 32nd USENIX Security Symposium, USENIX Security 2023
SP - 1325
EP - 1342
BT - 32nd USENIX Security Symposium, USENIX Security 2023
PB - USENIX Association
Y2 - 9 August 2023 through 11 August 2023
ER -