Fig 4  Comparison of the number of tainted nodes reached by EMOFuzz and AFL. The red line represents the fuzzing process of EMOFuzz and the blue line that of AFL; "(16)" means the tainted length is 16 bytes.
To compare EMOFuzz with the state of the art, we chose the widely used coverage-guided fuzzing tool AFL [13]. We selected five sets from Table 1 and compared the ability of the two tools to propagate tainted data. The results are plotted in Figure 4. As shown in Figure 4, over the 24-hour experiment EMOFuzz demonstrated a stronger capability to propagate corrupted data than AFL, with an average improvement of 31%. It is therefore more likely to identify exploitable memory objects.
Conclusion: This letter introduces EMOFuzz, a corrupted-data-propagation-guided fuzzing method designed to address OOB write bugs in general-purpose applications. EMOFuzz is effective in identifying vital memory objects, thereby significantly enhancing the assessment of bug exploitability and aiding the development of effective exploits.
© 2021 The Authors. Electronics Letters published by John Wiley & Sons Ltd on behalf of The Institution of Engineering and Technology
This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.
Received: xx January 2021 Accepted: xx March 2021
doi: 10.1049/ell2.10001
References
  1. Brumley D, Poosankam P, Song D, et al. Automatic patch-based exploit generation is possible: Techniques and implications[C]//2008 IEEE Symposium on Security and Privacy (sp 2008). IEEE, 2008: 143-157.
  2. Avgerinos T, Cha S K, Rebert A, et al. Automatic exploit generation[J]. Communications of the ACM, 2014, 57(2): 74-84.
  3. Bratus S, Locasto M E, Patterson M L. Exploit programming: From buffer overflows to “weird machines” and theory of computation[J]. 2011.
  4. Chen W, Zou X, Li G, et al. KOOBE: Towards facilitating exploit generation of kernel Out-Of-Bounds write vulnerabilities[C]//29th USENIX Security Symposium (USENIX Security 20). 2020: 1093-1110.
  5. Wu W, Chen Y, Xing X, et al. KEPLER: Facilitating control-flow hijacking primitive evaluation for Linux kernel vulnerabilities[C]//28th USENIX Security Symposium (USENIX Security 19). 2019: 1187-1204.
  6. Chen Y, Xing X. SLAKE: Facilitating slab manipulation for exploiting vulnerabilities in the Linux kernel[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019: 1707-1722.
  7. SVF: Source Code Analysis with Static Value-Flow. https://svf-tools.github.io/SVF/ 2023.
  8. Heelan S, Melham T, Kroening D. Gollum: Modular and greybox exploit generation for heap overflows in interpreters[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019: 1689-1706.
  9. Heelan S, Melham T, Kroening D. Automatic heap layout manipulation for exploitation[C]//27th USENIX Security Symposium (USENIX Security 18). 2018: 763-779.
  10. DataFlowSanitizer. https://clang.llvm.org/docs/DataFlowSanitizer 2023.
  11. Baldoni R, Coppa E, D’elia D C, et al. A survey of symbolic execution techniques[J]. ACM Computing Surveys (CSUR), 2018, 51(3): 1-39.
  12. Aschermann C, Schumilo S, Blazytko T, et al. REDQUEEN: Fuzzing with Input-to-State Correspondence[C]//NDSS. 2019, 19: 1-15.
  13. American fuzzy lop. https://lcamtuf.coredump.cx/afl/ 2023.
  14. Yamada M, Nikula J. kcov: code coverage for fuzzing. 2019. https://github.com/torvalds/linux/blob/master/Documentation/dev-tools/kcov.rst
  15. Bao T, Wang R, Shoshitaishvili Y, et al. Your exploit is mine: Automatic shellcode transplant for remote exploits[C]//2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017: 824-839.