Home   >   CSC-OpenAccess Library   >    Manuscript Information
A Review on Library Fuzzing Tools
Jia Song
Pages - 70 - 78     |    Revised - 31-10-2022     |    Published - 01-12-2022
Volume - 16   Issue - 5    |    Publication Date - December 2022  Table of Contents
Fuzzing, Library Fuzzing, Software Testing, Function Fuzzing.
Fuzzing is a powerful software security testing technique. It can be automated and can test programs with many randomly generated fuzzing inputs to trigger overlooked bugs. Libraries and functions are commonly used by programmers to be directly called from their programs. However, most programmers would simply use public libraries without doubting whether these libraries are secure or not.To help with it, library fuzzing has been proposed.Fuzzing a whole program is very common, however, fuzzing a standalone function or library is challenging. Different from an executable program, functions cannot be run on themselves. In addition, randomly generating certain parameters might break the relationships between parameters and therefore result in a large number of false positives.There has been not much research in the area of library fuzzing. However, library or function fuzzing could be a very useful testing tool for programmers and developers. This paper reviews the recent research work related to library fuzzing and function fuzzing. The results may be helpful to any researchers who plan to explore this research area.
Bastani, O., Sharma, R., Aiken, A., and Liang, P. (2017). Synthesizing program input grammars. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, pages 95-110, New York, NY, USA. ACM.
Bekrar, S., Bekrar, C., Groz, R., and Mounier, L. (2012). A taint based approach for smart fuzzing. In 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation, pages 818-825.
Blair, W., Mambretti, A., Arshad, S., Weissbacher, M., Robertson, W., Kirda, E., and Egele, M. (2020). Hotfuzz: Discovering algorithmic denial-of-service vulnerabilities through guided micro-fuzzing. Proceedings 2020 Network and Distributed System Security Symposium.
Cadar, C. and Sen, K. (2013). Symbolic execution for software testing: Three decades later. Commun. ACM, 56(2):82-90.
Cai, J., Yang, S., Men, J., and He, J. (2014). Automatic software vulnerability detection based on guided deep fuzzing. In Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on, pages 231-234.
Corina, J., Machiry, A., Salls, C., Shoshitaishvili, Y., Hao, S., Kruegel, C., and Vigna, G. (2017). Difuze: Interface aware fuzzing for kernel drivers. pages 2123-2138.
Cr4shloctl. (2011). Ioctl fuzzer - windows kernel drivers fuzzer. https://github.com/Cr4sh/ioctlfuzzer.
Godefroid, P. (2014). Micro execution. In Proceedings of the 36th International Conference on Software Engineering, ICSE 2014, pages 539-549, New York, NY, USA. Association for Computing Machinery.
Godefroid, P., Levin, M. Y., and Molnar, D. (2012). Sage: Whitebox fuzzing for security testing. Queue, 10(1):20:20-20:27.
Godefroid, P., Peleg, H., and Singh, R. (2017). Learn&fuzz: Machine learning for input fuzzing. In Proceedings of the 32Nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017, pages 50-59, Piscataway, NJ, USA. IEEE Press.
Goodman, P. and Groce, A. (2018). Deepstate: Symbolic unit testing for c and c++.
Hoschele, M. and Zeller, A. (2016). Mining input grammars from dynamic taints. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016, pages 720-725, New York, NY, USA. ACM.
Hoschele, M., Kampmann, A., and Zeller, A. (2017). Active learning of input grammars. CoRR, abs/1708.08731.
Ioctl. (2014). A mutation based user mode (ring3) dumb in-memory windowskernel (ioctl) fuzzer. https://github.com/debasishm89/iofuzz.
Ispoglou, K., Austin, D., Mohan, V., and Payer, M. (2020). Fuzzgen: Automatic fuzzer generation. In 29th USENIX Security Symposium (USENIX Security 20), Boston, MA. USENIX Association.
Jones, D. (2011). Trinity: Linux system call fuzzer. https://github.com/Cr4sh/ioctlfuzzer.
Kcov. (2011). kcov - code coverage analysis for compiled programs and python scripts. https://manpages.debian.org/unstable/kcov/kcov.1.en.html.
Kernel-fuzzing. (2016). Kernel-fuzzing. https://github.com/oracle/kernel- fuzzing.
Kim, K., Jeong, D., Kim, C. H., Jang, Y., Shin, I., and Lee, B. (2020). Hfl: Hybrid fuzzing on the linux kernel.
Lemieux, C., Padhye, R., Sen, K., and Song, D. (2018). Perffuzz: Automatically generating pathological inputs. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, pages 254-265, New York, NY, USA. Association for Computing Machinery.
Li, D. and Chen, H. (2019). Fastsyzkaller: Improving fuzz efficiency for linux kernel fuzzing. Journal of Physics: Conference Series, 1176:022013.
Liang, J., Wang, M., Zhou, C., Wu, Z., Jiang, Y., Liu, J., Liu, Z., and Sun, J. (2022). Pata: Fuzzing with path aware taint analysis. In 2022 IEEE Symposium on Security and Privacy (SP), pages 1-17.
Libfuzzer. (2016)LibFuzzer- a library for coverage-guided fuzz testing. https://llvm.org/docs/LibFuzzer.html.
Lou, B., & Song, J. (2020). A Study on Using Code Coverage Information Extracted from Binary to Guide Fuzzing.International Journal of Computer Science and Security (IJCSS), Volume (14): Issue (5): 2020.
Manes, V. J. M., Han, H., Han, C., Cha, S. K., Egele, M., Schwartz, E. J., and Woo, M. (2019). The art, science, and engineering of fuzzing: A survey. IEEE Transactions on Software Engineering.
Miller, B. P., Fredriksen, L., and So, B. (1990). An empirical study of the reliability of unix utilities. Commun. ACM, 33(12):32-44.
Mouzarani, M., Sadeghiyan, B., and Zolfaghari, M. (2015). A smart fuzzing method for detecting heap-based buffer overflow in executable codes. In 21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015, Zhangjiajie, China, November 2015, pages 42-49.
Oehlert, P. (2005). Violating assumptions with fuzzing. IEEE Security and Privacy, 3(2):58-62.
Ognawala, S., Hutzelmann, T., Psallida, E., and Pretschner, A. (2017). Improving function coverage with munch: A hybrid fuzzing and directed symbolic execution approach. CoRR, abs/1711.09362.
Petsios, T., Zhao, J., Keromytis, A. D., and Jana, S. (2017). Slowfuzz: Automated domain-independent detection of algorithmic complexity vulnerabilities. CoRR, abs/1708.08437.
Salem, H. A. and Song, J. (2021). Using grammar extracted from sample inputs to generate effective fuzzing files.
Sanitizer coverage. (2017). https://clang.llvm.org/docs/SanitizerCoverage.html.
Stephens, N., Grosen, J., Salls, C., Dutcher, A., Wang, R., Corbetta, J., Shoshitaishvili, Y., Kruegel, C., and Vigna, G. (2016). Driller: Augmenting fuzzing through selective symbolic execution. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016.
Suh, G. E., Lee, J. W., Zhang, D., and Devadas, S. (2004). Secure program execution via dynamic information flow tracking. SIGARCH Comput. Archit. News, 32(5):85-96.
Sutton, M., Greene, A., and Amini, P. (2007). Fuzzing: Brute Force Vulnerability Discovery. Addison-Wesley Professional.
Syzkaller. (2017). syzkaller - linuxsyscall fuzzer. https://github.com/google/syzkaller.
Trail of Bits. (2016). Shin grr: Make fuzzing fast again. https://blog.trailofbits.com/2016/11/02/shin-grr-make-fuzzing-fast-again/.
Wang, S. and Wu, D. (2017). In-memory fuzzing for binary code similarity analysis. In 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 319-330.
Zalewski, M. (2013) American fuzzy lop. http://lcamtuf.coredump.cx/afl/.
Zalewski, M. (2015) New in afl: persistent mode. https://lcamtuf.blogspot.com/2015/06/new-in-afl-persistent-mode.html.
Dr. Jia Song
Computer Science Department, University of Idaho, Moscow, Idaho, 83844 - United States of America

View all special issues >>