AIMFuzz: Automated Function-Level In-Memory Fuzzing on Binaries

Authors
Kim, TaeWook; Hong, Sukhyun; Cho, Yeongpil
Issue Date
Jul-2024
Publisher
Association for Computing Machinery, Inc
Keywords
automation; binary; fuzzing; in-memory fuzzing
Citation
ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pp 1510 - 1522
Pages
13
Indexed
SCOPUS
Journal Title
ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
Start Page
1510
End Page
1522
URI
https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/195386
DOI
10.1145/3634737.3644996
ISSN
0000-0000
Abstract
In-memory fuzzing, designed to perform direct mutation on memory contents, has gained attention as a technique that enables intensive, efficient testing. To use this technique, the mutable buffers that will be subject to mutation and the fuzzing target functions must first be identified. So far, these identifications have relied on manual effort with source code available. Unfortunately, such manual identification is challenging on binary-only programs, mainly due to the loss of source-level information during compilation. To address this difficulty, this paper proposes AIMFuzz, which supports in-memory fuzzing on binary programs at the function level. AIMFuzz consists largely of two stages: the analysis stage, which identifies mutable buffers and prioritizes fuzzing target functions based on dynamic taint tracking, and the fuzzing stage, which tests the designated target functions by injecting mutated inputs through the identified mutable buffers. Notably, these two stages are carried out automatically, eliminating daunting manual effort for the binary. Our evaluation results demonstrate that AIMFuzz successfully detects bugs in real applications. AIMFuzz shows great effectiveness in testing selected target functions efficiently and thoroughly, and also performance comparable to the state-of-the-art implementation of in-memory fuzzing, with better usability thanks to its automated analysis and testing.
Appears in
Collections
Seoul College of Engineering > Seoul School of Computer Software > 1. Journal Articles

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Cho, Yeong pil
COLLEGE OF ENGINEERING (SCHOOL OF COMPUTER SCIENCE)