Fuzz testing techniques are becoming pervasive for their ever-improving ability to generate crashing trial cases for programs. Memory safety violations, however, can lead to silent corruptions and errors, and a fuzzer may recognize them only in the presence of sanitization machinery. For closed-source software, combining sanitization with fuzzing incurs practical obstacles that we try to tackle with an architecture-independent proposal called QASan for detecting heap memory violations. In our tests, QASan is competitive with standalone sanitizers and adds a moderate 1.61x average slowdown to the AFL++ fuzzer while enabling it to reveal more heap-related bugs.

Fuzzing Binaries for Memory Safety Errors with QASan / Fioraldi, A.; Delia, D. C.; Querzoni, L. - (2020), pp. 23-30. (Paper presented at the 2020 IEEE Secure Development conference, SecDev 2020, held in USA; Virtual, Atlanta) [10.1109/SecDev45635.2020.00019].

Fuzzing Binaries for Memory Safety Errors with QASan

Fioraldi A.; Delia D. C.; Querzoni L.
2020

2020 IEEE Secure Development, SecDev 2020
fuzzy set theory;program debugging;program diagnostics;program testing;public domain software;software reliability;memory safety errors;fuzz testing techniques;crashing trial cases;memory safety violations;silent corruptions;sanitization machinery;closed-source software;fuzzing incurs practical obstacles;architecture-independent proposal;heap memory violations;standalone sanitizers;AFL++ fuzzer;QASan;heap-related bugs;Fuzzing;Safety;Software;Resource management;Tools;Computer bugs;Proposals
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item

Fioraldi_Fuzzing_2020.pdf
Access: archive managers only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 397.62 kB
Format: Adobe PDF

Fioraldi_preprint_Fuzzing_2020.pdf
Access: open access
Note: DOI: 10.1109/SecDev45635.2020.00019
Type: Pre-print document (manuscript submitted to the publisher, prior to peer review)
License: All rights reserved
Size: 393.57 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1470329
Citations
  • PMC ND
  • Scopus 28
  • ISI 13