TIFF: Using Input Type Inference To Improve Fuzzing Vivek Jain Sanjay Rawat International Institute of Information Technology Vrije Universiteit Hyderabad, India Amsterdam, NL
[email protected] [email protected] Cristiano Giuffrida Herbert Bos Vrije Universiteit Vrije Universiteit Amsterdam, NL Amsterdam, NL
[email protected] [email protected] ABSTRACT ACM Reference Format: Developers commonly use fuzzing techniques to hunt down all Vivek Jain, Sanjay Rawat, Cristiano Giuffrida, and Herbert Bos. 2018. TIFF: 2018 Annual Computer manner of memory corruption vulnerabilities during the testing Using Input Type Inference To Improve Fuzzing. In Security Applications Conference (ACSAC ’18), December 3–7, 2018, San phase. Irrespective of the fuzzer, input mutation plays a central role Juan, PR, USA. ACM, New York, NY, USA, 13 pages. https://doi.org/10. in providing adequate code coverage, as well as in triggering bugs. 1145/3274694.3274746 However, each class of memory corruption bugs requires a different trigger condition. While the goal of a fuzzer is to find bugs, most 1 INTRODUCTION existing fuzzers merely approximate this goal by targeting their mutation strategies toward maximizing code coverage. Ever since Barton Miller introduced the concept of fuzzing almost 3 In this work, we present a new mutation strategy that maximizes decades ago [35], fuzzing has played a vital role in discovering bugs the likelihood of triggering memory-corruption bugs by generating and evolved from a "dumb" (but effective) software testing technique fewer, but better inputs. In particular, our strategy achieves bug- to a range of sophisticated, "smart" methods for the systematic directed mutation by inferring the type of the input bytes.