Title: An IR-based Fuzzing Approach for Finding Context-Aware Bugs in API-based Systems
Wen Xu
Ph.D. Student
School of Computer Science
College of Computing
Georgia Institute of Technology
Date: Wednesday, December 2, 2020
Time: 1:00 pm - 2:30 pm (EST)
Location: *No Physical Location*
BlueJeans: https://gatech.bluejeans.com/5992360268
Committee:
---------------
Dr. Taesoo Kim (Advisor, School of Computer Science, Georgia Institute of Technology)
Dr. Wenke Lee (School of Computer Science, Georgia Institute of Technology)
Dr. Alessandro Orso (School of Computer Science, Georgia Institute of Technology)
Dr. Qirun Zhang (School of Computer Science, Georgia Institute of Technology)
Dr. Weidong Cui (Microsoft Research Redmond)
Abstract:
---------------
Fuzzing, a time-honored software testing approach, has gained increasing
popularity in recent years. With the emerging use of coverage feedback,
random inputs generated by mere byte- or syntax-level mutations effectively
discover numerous bugs in real-world programs that accept binary or
structured inputs. Nevertheless, API-based systems, a large group of
security-critical software including OS kernels and web browsers, which
accept program inputs comprising API calls, are the exception. The deep
context-aware bugs in API-based systems involve semantically correct inputs
with a certain level of context complexity. In practice, such inputs are
rarely constructed in a context-insensitive manner, even with feedback
guidance.
In this proposal, we first present two state-of-the-art fuzzers that find
context-aware bugs in different API-based systems with domain-specific
designs. The first one is Janus, a kernel file system fuzzer. In the design
of Janus, we introduce for the first time the concept of context-aware API
generation. In particular, Janus maintains file object states to generate
every file operation and updates the states after generation in order to
avoid semantic errors. The second one is FREEDOM, a DOM engine fuzzer. Unlike
previous fuzzers that can only generate random HTML documents based on
context-free grammars, FREEDOM designs a custom IR for HTML documents to
enable both DOM API generation and mutation in a context-aware manner.
Finally, we propose GAF (General-API-Fuzzing), an API fuzzing platform that
adopts a general IR-based solution to context-aware API call generation and
mutation for any type of common API-based system. GAF provides a
pseudoformal language for developers to define not only API prototypes but
also context interactions. GAF then automatically compiles an API grammar
file into a fuzzing engine that generates random API programs, represented
in GAF IR, based on the grammar. A GAF IR program can also be mutated into
new ones in a context-aware manner for testing. In general, GAF aims to be
the first design standard for general API fuzzers and to facilitate bug
finding in real-world API-based systems.
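The context-aware generation idea that the abstract attributes to Janus, as an added example that is not code from the proposal, Janus or GAF: a toy generator that tracks the state of file objects and emits only operations valid in that state, beside a context-insensitive one, plus a checker that replays a program against the same state model and counts operations that would be rejected before reaching any deep file-system logic. The operation vocabulary, the slot-based file model and the seeds are assumptions for illustration.

```python
import random

OPS = ("open", "read", "write", "close")  # assumed toy file-operation vocabulary


def generate_context_insensitive(n, seed=0, slots=4):
    """Pick operations and file slots uniformly, with no notion of state."""
    rng = random.Random(seed)
    return [(rng.choice(OPS), rng.randrange(slots)) for _ in range(n)]


def generate_context_aware(n, seed=0, slots=4):
    """Janus-style: keep the set of open file objects, choose only operations
    that are valid in the current state, then update the state after each."""
    rng = random.Random(seed)
    open_slots, program = set(), []
    for _ in range(n):
        choices = ["open"] if len(open_slots) < slots else []
        if open_slots:
            choices += ["read", "write", "close"]
        op = rng.choice(choices)
        if op == "open":
            slot = min(set(range(slots)) - open_slots)  # lowest free slot
            open_slots.add(slot)
        else:
            slot = rng.choice(sorted(open_slots))
            if op == "close":
                open_slots.remove(slot)
        program.append((op, slot))
    return program


def semantic_errors(program, slots=4):
    """Replay a program against the state model and count operations that a
    kernel would reject up front: use of a closed slot, double open, or
    opening when the slot table is full."""
    open_slots, errors = set(), 0
    for op, slot in program:
        if op == "open":
            if slot in open_slots or len(open_slots) >= slots:
                errors += 1
            else:
                open_slots.add(slot)
        elif slot not in open_slots:
            errors += 1
        elif op == "close":
            open_slots.remove(slot)
    return errors


if __name__ == "__main__":
    for name, gen in (("context-insensitive", generate_context_insensitive),
                      ("context-aware", generate_context_aware)):
        prog = gen(100, seed=2020)
        print(f"{name}: {semantic_errors(prog)} of {len(prog)} ops rejected")
```

The context-aware generator produces programs with zero rejected operations, so every generated call exercises real file-system logic, while the context-insensitive one wastes most of its budget on calls that fail at the entry check.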