Applied Sciences (Sep 2022)
ObFuzzer: Object-Oriented Hybrid Fuzzer for Binaries
Abstract
In recent years, coverage-guided technology has become the mainstream method of fuzzing. A coverage-guided fuzzer can guide a program to a new path (edge) so that previously untested code can be tested. As coverage-guided fuzzers have become more popular, the difficulty of discovering vulnerabilities has increased significantly. This paper proposes ObFuzzer, an object-oriented binary hybrid fuzzer based on a new assumption. Namely, the object which has been operated more times and operated in more positions is more likely to have defects. Our ObFuzzer consists of the following steps. First, ObFuzzer obtains the inner relations of object operations in the target program through static analysis and analyzes the riskiness of the basic blocks containing such operations. Then, ObFuzzer generates test cases that can guide the program to the basic blocks that this paper considers to be the most dangerous by symbolic execution. Finally, fuzzing is performed using the riskiness of the object operations rather than code coverage. To demonstrate the effectiveness of ObFuzzer over a traditional coverage-guided fuzzer, this paper evaluates its performance in a real program. When facing object-oriented programs, ObFuzzer has a 29% to 40% increase in object operation complexity during execution. These more complex object operations can enhance the ability to discover vulnerabilities related to object operations. Eventually, ObFuzzer found five unique vulnerabilities and one logic error without a crash in “xpdf”.
Keywords
