FuzzBuilder: Automated building greybox fuzzing environment for C/C++ library

Joonun Jang, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Fuzzing is an effective method to find bugs in software. Many security communities are interested in fuzzing as an automated approach to verify software security because most of the bugs discovered by fuzzing are related to security vulnerabilities. However, not all software can be tested by fuzzing because fuzzing requires a running environment, especially an executable. Notably, in the case of libraries, most of the libraries do not have a relevant executable in practice. Thus, state-of-the-art fuzzers have a limitation to test an arbitrary library. To overcome this problem, we propose FuzzBuilder to provide an automated fuzzing environment for libraries. FuzzBuilder generates an executable that calls library API functions to enable library fuzzing. Moreover, any executable generated by FuzzBuilder is compatible with existing fuzzers such as AFL. We evaluate the overall performance of FuzzBuilder by testing open source libraries. Consequently, we discovered unknown bugs in libraries while achieving high code coverage. We believe that FuzzBuilder helps security researchers to save both setup cost and learning cost for library fuzzing.

Original languageEnglish
Title of host publicationProceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019
PublisherAssociation for Computing Machinery
Pages627-637
Number of pages11
ISBN (Electronic)9781450376280
DOIs
Publication statusPublished - 2019 Dec 9
Event35th Annual Computer Security Applications Conference, ACSAC 2019 - San Juan, United States
Duration: 2019 Dec 92019 Dec 13

Publication series

NameACM International Conference Proceeding Series

Conference

Conference35th Annual Computer Security Applications Conference, ACSAC 2019
CountryUnited States
CitySan Juan
Period19/12/919/12/13

Keywords

  • Greybox fuzzing
  • Library fuzzing
  • Software development
  • Unit test

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'FuzzBuilder: Automated building greybox fuzzing environment for C/C++ library'. Together they form a unique fingerprint.

  • Cite this

    Jang, J., & Kim, H. K. (2019). FuzzBuilder: Automated building greybox fuzzing environment for C/C++ library. In Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019 (pp. 627-637). (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3359789.3359846