A QBDI-based fuzzer taming magic bytes / Geretto, E.; Tessier, C.; Massacci, F. - 2315 (2019). (Paper presented at the 3rd Italian Conference on Cyber Security, ITASEC 2019, held in Italy in 2019).
A QBDI-based fuzzer taming magic bytes
Geretto E.; Massacci F.
2019-01-01
Abstract
One of the major limitations of mutation-based grey-box fuzzers is that they struggle to reach code protected by magic-byte comparisons, which parsers routinely employ. The best solution to this problem, the Steelix heuristic, proposes an implementation based on static binary instrumentation. This work demonstrates that, by using dynamic binary instrumentation instead, it is possible to obtain comparable performance and gain advantages in terms of precision and flexibility of the instrumentation. We have demonstrated the feasibility of this approach both on a standard academic benchmark, LAVA-M, and on real-life large-scale software, using the macOS framework ImageIO.