Structurized grammar-based fuzz testing for programs with highly structured inputs

Authors

  • Jingbo Yan
    State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, China

  • Yuqing Zhang (corresponding author)
    National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, China
    Correspondence: Yuqing Zhang, National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing 100049, China. E-mail: zhangyq@gucas.ac.cn

  • Dingning Yang
    National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, China

ABSTRACT

Fuzz testing, also known as fuzzing, has long been recognized as an effective technique for detecting software vulnerabilities. Unfortunately, conventional fuzzing is far less effective against programs with highly structured inputs, such as interpreters and compilers. These programs usually process their input in several stages, such as lexing and parsing, and a test input whose structure does not obey the grammar is rejected early, before it reaches the deeper logic. In this paper, we present a novel approach for fuzzing programs with highly structured inputs. By disassembling existing test cases into grammatical fragments and inferring the grammar structure each fragment belongs to, we build new test cases that pass input validation and reach previously unexplored places in the target program. We have implemented this approach in our general fuzzing framework BlendFuzz. Experiments show that BlendFuzz achieves higher code coverage than other blackbox fuzzing tools. BlendFuzz has also detected more than two dozen previously unreported vulnerabilities in real-world applications, seven of which are rated high risk. Copyright © 2013 John Wiley & Sons, Ltd.
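
The abstract's core move is to disassemble seed inputs into grammar fragments and splice fragments of the same nonterminal type into new inputs that still pass the lexing and parsing stages. The following Python sketch is an added illustration of that idea, not BlendFuzz's code or the paper's grammar inference: the tiny arithmetic grammar, the seed corpus and all function names are assumptions made here for the demo. It parses the seeds, pools subtrees by nonterminal, blends them by same-nonterminal substitution, and compares how many results the front end accepts against a structure-blind byte-mutation baseline.

```python
import copy
import random
import re

# Toy grammar standing in for a "highly structured input" front end (assumed for this demo):
#   expr   := term (('+' | '-') term)*
#   term   := factor (('*' | '/') factor)*
#   factor := NUMBER | '(' expr ')'
TOKEN_RE = re.compile(r"\d+|[-+*/()]")

def tokenize(text):
    """Lexing stage: rejects any character outside the grammar's alphabet."""
    tokens = TOKEN_RE.findall(text)
    if "".join(tokens) != "".join(text.split()):
        raise ValueError("lexing failed")
    return tokens

class Node:
    """Parse-tree node: kind is the nonterminal, children are Nodes or terminal strings."""
    def __init__(self, kind, children):
        self.kind, self.children = kind, children
    def text(self):
        return " ".join(c if isinstance(c, str) else c.text() for c in self.children)
    def nodes(self):
        """This node and every nonterminal below it, in preorder."""
        return [self] + [n for c in self.children if isinstance(c, Node) for n in c.nodes()]

class Parser:
    """Parsing stage: recursive descent that raises on any structural violation."""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):
        if self.peek() is None:
            raise ValueError("unexpected end of input")
        self.i += 1
        return self.toks[self.i - 1]
    def expr(self):
        children = [self.term()]
        while self.peek() in ("+", "-"):
            children += [self.take(), self.term()]
        return Node("expr", children)
    def term(self):
        children = [self.factor()]
        while self.peek() in ("*", "/"):
            children += [self.take(), self.factor()]
        return Node("term", children)
    def factor(self):
        tok = self.take()
        if tok.isdigit():
            return Node("factor", [tok])
        if tok == "(":
            inner = self.expr()
            if self.take() != ")":
                raise ValueError("expected ')'")
            return Node("factor", ["(", inner, ")"])
        raise ValueError(f"unexpected token {tok!r}")

def parse(text):
    p = Parser(tokenize(text))
    tree = p.expr()
    if p.peek() is not None:
        raise ValueError("trailing tokens")
    return tree

def collect_fragments(trees):
    """Disassemble seeds into fragments keyed by the nonterminal each one derives from."""
    pool = {}
    for t in trees:
        for n in t.nodes():
            pool.setdefault(n.kind, []).append(n)
    return pool

def blend(seed, pool, rng):
    """Splice a donor fragment of the same nonterminal into a random node of the seed.
    Same-nonterminal substitution keeps the result derivable from the grammar."""
    new = copy.deepcopy(seed)
    target = rng.choice(new.nodes())
    donor = rng.choice(pool[target.kind])
    target.children = copy.deepcopy(donor.children)
    return new.text()

def byte_mutate(text, rng):
    """Structure-blind baseline: overwrite one random character."""
    i = rng.randrange(len(text))
    return text[:i] + rng.choice("0123456789+-*/() a?") + text[i + 1:]

def accepted(inputs):
    """Count inputs that survive both lexing and parsing."""
    ok = 0
    for s in inputs:
        try:
            parse(s)
            ok += 1
        except ValueError:
            pass
    return ok

# Constructed seed corpus (not from the paper).
SEEDS = ["1 + 2 * 3", "(4 - 5) / 6", "7 * (8 + 9) - 10", "(11)"]

def run(n=200, seed=1):
    rng = random.Random(seed)
    trees = [parse(s) for s in SEEDS]
    pool = collect_fragments(trees)
    blended = [blend(rng.choice(trees), pool, rng) for _ in range(n)]
    mutated = [byte_mutate(rng.choice(SEEDS), rng) for _ in range(n)]
    return {"kinds": sorted(pool), "n": n, "blended_ok": accepted(blended),
            "mutated_ok": accepted(mutated), "samples": blended[:3]}
```

Every blended input is accepted because a fragment derived from nonterminal X can replace any other X in a context-free grammar, which is exactly why the generated cases get past the validation stages that reject byte-level mutations. A real target has a far larger grammar and the fragment types must be inferred rather than hard-coded, which is the part of the paper this sketch does not attempt.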
