CISPA

SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing

conference contribution
posted on 2024-07-18, 10:08 authored by Felix Weissberg, Jonas Möller, Tom Ganz, Erik Imgrund, Lukas Pirch, Lukas Seidel, Moritz Schloegel, Thorsten Eisenhofer, Konrad Rieck
A common paradigm for improving fuzzing performance is to focus on selected regions of a program rather than its entirety. While previous work has largely explored how these locations can be reached, their selection, that is, the where, has received little attention so far. In this paper, we fill this gap and present the first comprehensive analysis of target selection methods for fuzzing. To this end, we examine papers from leading security and software engineering conferences, identifying prevalent methods for choosing targets. By modeling these methods as general scoring functions, we are able to compare and measure their efficacy on a corpus of more than 1,600 crashes from the OSS-Fuzz project. Our analysis provides new insights for target selection in practice: First, we find that simple software metrics significantly outperform other methods, including common heuristics used in directed fuzzing, such as recently modified code or locations with sanitizer instrumentation. In addition, we identify language models as a promising choice for target selection. In summary, our work offers a new perspective on directed fuzzing, emphasizing the role of target selection as an orthogonal dimension to improve performance.
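The abstract describes the evaluation idea in one sentence: model each target-selection method as a scoring function over program locations, rank the locations, and measure how well the ranking predicts where crashes are later found. The Python sketch below is an added illustration of that loop and is not code from the paper or its authors. Everything in it is constructed for the example: the six functions and their metric values, the set of "crashing" functions, the four stand-in scorers (cyclomatic complexity, lines of code, recency of change, sanitizer instrumentation) and the two ranking metrics (recall@k and mean reciprocal rank). The numbers it produces say nothing about the paper's actual findings on the OSS-Fuzz corpus.

```python
"""Rank candidate fuzzing targets with pluggable scoring functions and
evaluate each ranking against known crash sites.

Constructed example: the targets, metrics, crash sites and scorers below
are assumptions made for this illustration, not data from the paper.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence, Set


@dataclass(frozen=True)
class Target:
    name: str
    loc: int                      # lines of code
    complexity: int               # cyclomatic complexity
    days_since_change: int        # age of the last commit touching it
    sanitizer_instrumented: bool  # e.g. ASan checks present in this function


# Constructed sample program: a handful of functions with made-up metrics.
TARGETS: List[Target] = [
    Target("parse_header", loc=120, complexity=18, days_since_change=400, sanitizer_instrumented=True),
    Target("decode_chunk", loc=340, complexity=42, days_since_change=30, sanitizer_instrumented=True),
    Target("log_message", loc=15, complexity=2, days_since_change=2, sanitizer_instrumented=False),
    Target("free_ctx", loc=25, complexity=4, days_since_change=5, sanitizer_instrumented=True),
    Target("render_table", loc=210, complexity=27, days_since_change=800, sanitizer_instrumented=True),
    Target("main", loc=60, complexity=6, days_since_change=1, sanitizer_instrumented=False),
]

# Constructed ground truth: the functions in which fuzzing later found crashes.
CRASH_SITES: Set[str] = {"decode_chunk", "render_table"}

Scorer = Callable[[Target], float]

# Each target-selection method becomes a scoring function; higher = fuzz first.
SCORERS: Dict[str, Scorer] = {
    "complexity": lambda t: float(t.complexity),          # software metric
    "loc": lambda t: float(t.loc),                        # software metric
    "recently_modified": lambda t: -float(t.days_since_change),  # git-recency heuristic
    "sanitizer": lambda t: 1.0 if t.sanitizer_instrumented else 0.0,  # instrumentation heuristic
}


def rank(targets: Sequence[Target], scorer: Scorer) -> List[str]:
    """Return target names ordered from highest to lowest score.
    Ties are broken by name so the ranking is deterministic."""
    return [t.name for t in sorted(targets, key=lambda t: (-scorer(t), t.name))]


def recall_at_k(ranking: Sequence[str], crash_sites: Set[str], k: int) -> float:
    """Fraction of crash sites that land in the top-k positions of the ranking."""
    return len(set(ranking[:k]) & crash_sites) / len(crash_sites)


def mean_reciprocal_rank(ranking: Sequence[str], crash_sites: Set[str]) -> float:
    """Average of 1/position (1-indexed) over all crash sites; unranked sites count 0."""
    total = 0.0
    for site in crash_sites:
        if site in ranking:
            total += 1.0 / (ranking.index(site) + 1)
    return total / len(crash_sites)


def evaluate(targets: Sequence[Target], crash_sites: Set[str],
             scorers: Dict[str, Scorer], k: int = 2) -> Dict[str, Dict[str, float]]:
    """Score every method on the same crash corpus so they can be compared directly."""
    results: Dict[str, Dict[str, float]] = {}
    for name, scorer in scorers.items():
        ranking = rank(targets, scorer)
        results[name] = {
            f"recall@{k}": recall_at_k(ranking, crash_sites, k),
            "mrr": mean_reciprocal_rank(ranking, crash_sites),
        }
    return results


if __name__ == "__main__":
    for method, metrics in evaluate(TARGETS, CRASH_SITES, SCORERS).items():
        print(f"{method:18s} " + "  ".join(f"{m}={v:.3f}" for m, v in metrics.items()))
```

Swapping in a real scorer (a static-analysis metric computed from the code base, a score emitted by a language model, or a rule over git history) only requires a new entry in the dictionary; the ranking and the two metrics stay the same, which is what makes methods with very different inputs comparable on one crash corpus.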

History

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

ACM ASIA Conference on Computer and Communications Security (AsiaCCS)

Journal

Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Page Range

1539–1553

Publisher

Association for Computing Machinery

BibTeX

@inproceedings{Weissberg:Möller:Ganz:Imgrund:Pirch:Seidel:Schloegel:Eisenhofer:Rieck:2024,
  title     = {SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing},
  author    = {Weissberg, Felix and Möller, Jonas and Ganz, Tom and Imgrund, Erik and Pirch, Lukas and Seidel, Lukas and Schloegel, Moritz and Eisenhofer, Thorsten and Rieck, Konrad},
  year      = {2024},
  month     = jul,
  booktitle = {Proceedings of the 19th ACM Asia Conference on Computer and Communications Security},
  pages     = {1539--1553},
  publisher = {Association for Computing Machinery},
  doi       = {10.1145/3634737.3661141}
}
