Fig 4 Comparison of the number of tainted nodes reached by EMOFuzz and AFL.
The red line represents the fuzzing process of EMOFuzz and the blue line
that of AFL. (16) means the tainted length is 16 bytes.
To compare EMOFuzz with other state-of-the-art tools, we chose the widely used
coverage-guided fuzzing tool AFL [13]. We selected five sets from
Table 1 and compared the two tools' ability to propagate tainted data. The
results are plotted in Figure 4. As Figure 4 shows, in the 24-hour
experiment EMOFuzz demonstrated a stronger capability to propagate
flawed data than AFL, with an average improvement of 31%. It is therefore
more likely to identify exploitable memory objects.
Conclusion: This letter introduces EMOFuzz, an innovative
corrupted-data-propagation-guided fuzzing method designed to address
OOB write bugs in general-purpose applications. EMOFuzz is effective in
identifying vital memory objects, thereby significantly enhancing the
assessment of bug exploitability and aiding the development of effective
exploits.
© 2021 The Authors. Electronics Letters published by John Wiley & Sons Ltd
on behalf of The Institution of Engineering and Technology.
This is an open access article under the terms of the Creative Commons
Attribution License, which permits use, distribution and reproduction in
any medium, provided the original work is properly cited.
Received: xx January 2021 Accepted: xx March 2021
doi: 10.1049/ell2.10001
References
[1] Brumley D, Poosankam P, Song D, et al. Automatic patch-based exploit generation is possible: Techniques and implications[C]//2008 IEEE Symposium on Security and Privacy (SP 2008). IEEE, 2008: 143-157.
[2] Avgerinos T, Cha S K, Rebert A, et al. Automatic exploit generation[J]. Communications of the ACM, 2014, 57(2): 74-84.
[3] Bratus S, Locasto M E, Patterson M L. Exploit programming: From buffer overflows to "weird machines" and theory of computation[J]. 2011.
[4] Chen W, Zou X, Li G, et al. KOOBE: Towards facilitating exploit generation of kernel out-of-bounds write vulnerabilities[C]//29th USENIX Security Symposium (USENIX Security 20). 2020: 1093-1110.
[5] Wu W, Chen Y, Xing X, et al. KEPLER: Facilitating control-flow hijacking primitive evaluation for Linux kernel vulnerabilities[C]//28th USENIX Security Symposium (USENIX Security 19). 2019: 1187-1204.
[6] Chen Y, Xing X. SLAKE: Facilitating slab manipulation for exploiting vulnerabilities in the Linux kernel[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019: 1707-1722.
[7] SVF: Source code analysis with static value-flow. https://svf-tools.github.io/SVF/ (2023).
[8] Heelan S, Melham T, Kroening D. Gollum: Modular and greybox exploit generation for heap overflows in interpreters[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019: 1689-1706.
[9] Heelan S, Melham T, Kroening D. Automatic heap layout manipulation for exploitation[C]//27th USENIX Security Symposium (USENIX Security 18). 2018: 763-779.
[10] DataFlowSanitizer. https://clang.llvm.org/docs/DataFlowSanitizer (2023).
[11] Baldoni R, Coppa E, D'Elia D C, et al. A survey of symbolic execution techniques[J]. ACM Computing Surveys (CSUR), 2018, 51(3): 1-39.
[12] Aschermann C, Schumilo S, Blazytko T, et al. REDQUEEN: Fuzzing with input-to-state correspondence[C]//NDSS. 2019, 19: 1-15.
[13] American fuzzy lop. https://lcamtuf.coredump.cx/afl/ (2023).
[14] Yamada M, Nikula J. kcov: code coverage for fuzzing. 2019. https://github.com/torvalds/linux/blob/master/Documentation/dev-tools/kcov.rst
[15] Bao T, Wang R, Shoshitaishvili Y, et al. Your exploit is mine: Automatic shellcode transplant for remote exploits[C]//2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017: 824-839.