PTrix: Efficient hardware-assisted fuzzing for COTS binary

Yaohui Chen, Dongliang Mu, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, Bing Mao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

45 Scopus citations

Abstract

Despite its effectiveness in uncovering software defects, American Fuzzy Lop (AFL), one of the best grey-box fuzzers, is inefficient when fuzz-testing source-unavailable programs. AFL's binary-only fuzzing mode, QEMU-AFL, is typically 2-5x slower than its sourceavailable fuzzing mode. The slowdown is largely caused by the heavy dynamic instrumentation. Recent fuzzing techniques use Intel Processor Tracing (PT), a light-weight tracing feature supported by recent Intel CPUs, to remove the need of dynamic instrumentation. However,we found that these PT-based fuzzing techniques are even slower than QEMU-AFL when fuzzing real-world programs, making them less effective than QEMU-AFL. This poor performance is caused by the slow extraction of code coverage information from highly compressed PT traces. In this work, we present the design and implementation of PTrix, which fully unleashes the benefits of PT for fuzzing via three novel techniques. First, PTrix introduces a scheme to highly parallel the processing of PT trace and target program execution. Second, it directly takes decoded PT trace as feedback for fuzzing, avoiding the expensive reconstruction of code coverage information. Third, PTrix maintains the new feedback with stronger feedback than edge-based code coverage, which helps reach new code space and defects that AFL may not. We evaluated PTrix by comparing its performance with the stateof- the-art fuzzers. Our results show that, given the same amount of time, PTrix achieves a significantly higher fuzzing speed and reaches into code regions missed by the other fuzzers. In addition, PTrix identifies 35 new vulnerabilities in a set of previously wellfuzzed binaries, showing its ability to complement existing fuzzers.

Original languageEnglish (US)
Title of host publicationAsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages633-645
Number of pages13
ISBN (Electronic)9781450367523
DOIs
StatePublished - Jul 2 2019
Event2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019 - Auckland, New Zealand
Duration: Jul 9 2019Jul 12 2019

Publication series

NameAsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Conference

Conference2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019
Country/TerritoryNew Zealand
CityAuckland
Period7/9/197/12/19

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Computer Science Applications

Cite this