Hawkeye: Towards a desired directed grey-box fuzzer

Author

Hongxu CHEN
Yinxing XUE
Yuekang LI
Bihuan CHEN
Xiaofei XIE, Singapore Management UniversityFollow
Xiuheng WU
Yang LIU

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

10-2018

Abstract

Grey-box fuzzing is a practically effective approach to test real-world programs. However, most existing grey-box fuzzers lack directedness, i.e. the capability of executing towards user-specified target sites in the program. To emphasize existing challenges in directed fuzzing, we propose Hawkeye to feature four desired properties of directed grey-box fuzzers. Owing to a novel static analysis on the program under test and the target sites, Hawkeye precisely collects the information such as the call graph, function and basic block level distances to the targets. During fuzzing, Hawkeye evaluates exercised seeds based on both static information and the execution traces to generate the dynamic metrics, which are then used for seed prioritization, power scheduling and adaptive mutating. These strategies help Hawkeye to achieve better directedness and gravitate towards the target sites. We implemented Hawkeye as a fuzzing framework and evaluated it on various real-world programs under different scenarios. The experimental results showed that Hawkeye can reach the target sites and reproduce the crashes much faster than state-of-the-art grey-box fuzzers such as AFL and AFLGo. Specially, Hawkeye can reduce the time to exposure for certain vulnerabilities from about 3.5 hours to 0.5 hour. By now, Hawkeye has detected more than 41 previously unknown crashes in projects such as Oniguruma, MJS with the target sites provided by vulnerability prediction tools; all these crashes are confirmed and 15 of them have been assigned CVE IDs.

Keywords

Fuzz Testing, Static Analysis

Discipline

Information Security | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

CCS '18: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Toronto, October 15-19

First Page

2095

Last Page

2108

ISBN

9781450356930

Identifier

10.1145/3243734.3243849

Publisher

ACM

City or Country

New York

Citation

CHEN, Hongxu; XUE, Yinxing; LI, Yuekang; CHEN, Bihuan; XIE, Xiaofei; WU, Xiuheng; and LIU, Yang. Hawkeye: Towards a desired directed grey-box fuzzer. (2018). CCS '18: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Toronto, October 15-19. 2095-2108.
Available at: https://ink.library.smu.edu.sg/sis_research/7063

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3243734.3243849