SnapFuzz: High-throughput fuzzing of network applications

File Description SizeFormat 
snapfuzz-issta22.pdfFile embargoed until 01 January 10000626.18 kBAdobe PDF    Request a copy
Title: SnapFuzz: High-throughput fuzzing of network applications
Authors: Andronidis, A
Cadar, C
Item Type: Conference Paper
Abstract: In recent years, fuzz testing has benefited from increased com- putational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these successes, not all applications can be fuzzed efficiently. In particular, stateful applications such as network protocol implementations are constrained by a low fuzzing throughput and the need to develop complex fuzzing harnesses that involve custom time delays and clean-up scripts. In this paper, we present SnapFuzz, a novel fuzzing framework for network applications. SnapFuzz offers a robust architecture that transforms slow asynchronous network communication into fast synchronous communication, snapshots the target at the latest point at which it is safe to do so, speeds up file operations by redirecting them to a custom in-memory filesystem, and removes the need for many fragile modifications, such as configuring time delays or writing clean-up scripts. Using SnapFuzz, we fuzzed five popular networking applications: LightFTP, TinyDTLS, Dnsmasq, LIVE555 and Dcmqrscp. We report impressive performance speedups of 62.8 x, 41.2 x, 30.6 x, 24.6 x, and 8.4 x, respectively, with significantly simpler fuzzing harnesses in all cases. Due to its advantages, SnapFuzz has also found 12 extra crashes compared to AFLNet in these applications.
Date of Acceptance: 8-Apr-2022
URI: http://hdl.handle.net/10044/1/97429
Publisher: ACM
Journal / Book Title: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (I
Copyright Statement: This paper is embargoed until publication.
Sponsor/Funder: European Research Council (ERC)
Funder's Grant Number: 819141
Conference Name: International Symposium on Software Testing and Analysis (ISSTA 2022)
Publication Status: Accepted
Start Date: 2202-07-18
Finish Date: 2022-07-22
Conference Place: Virtual, South Korea
Embargo Date: publication subject to indefinite embargo
Appears in Collections:Computing