Sign up & Download
Sign in

TaintScope : A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection

by Tielei Wang, Tao Wei, Guofei Gu, Wei Zou
View in Mendeley DesktopIn your librarySave reference to library
System (2009)
Volume: 71, Issue: 1-2, Publisher: IEEE, Pages: 497–512
  • ISSN: 03781097

Abstract

Fuzz testing has proven successful in finding security vulnerabilities in large programs. However, traditional fuzz testing tools have a well-known common drawback: they are ineffective if most generated malformed inputs are rejected in the early stage of program running, especially when target programs employ checksum mechanisms to verify the integrity of inputs. In this paper, we present TaintScope, an automatic fuzzing system using dynamic taint analysis and symbolic execution techniques, to tackle the above problem. TaintScope has several novel contributions: 1) TaintScope is the first checksum-aware fuzzing tool to the best of our knowledge. It can identify checksum fields in input instances, accurately lo- cate checksum-based integrity checks by using branch profiling techniques, and bypass such checks via control flow alteration. 2) TaintScope is a directed fuzzing tool working at X86 binary level (on both Linux and Window). Based on fine-grained dynamic taint tracing, TaintScope identifies which bytes in a well-formed input are used in security-sensitive operations (e.g., invoking system/library calls) and then focuses on modifying such bytes. Thus, generated inputs are more likely to trigger potential vulnerabilities. 3) TaintScope is fully automatic, from detecting checksum, directed fuzzing, to repairing crashed samples. It can fix checksum values in generated inputs using combined concrete and symbolic execution techniques. We evaluate TaintScope on a number of large real-world applications. Experimental results show that TaintScope can accurately locate the checksum checks in programs and dra- matically improve the effectiveness of fuzz testing. TaintScope has already found 27 previously unknown vulnerabilities in several widely used applications, including Adobe Acrobat, Google Picasa, Microsoft Paint, and ImageMagick. Most of these severe vulnerabilities have been confirmed by Secunia and oCERT, and assigned CVE identifiers (such as CVE-2009- 1882, CVE-2009-2688). Corresponding patches from vendors are released or in progress based on our reports.

Cite this document (BETA)

Sign up today - FREE

Mendeley saves you time finding and organizing research. Learn more

  • All your research in one place
  • Add and import papers easily
  • Access it anywhere, anytime

Start using Mendeley in seconds!

Already have an account? Sign in

Readership Statistics

17 Readers on Mendeley
by Discipline
 
88% Computer and Information Science
 
6% Biological Sciences
 
6% Arts and Literature
by Academic Status
 
53% Ph.D. Student
 
24% Student (Master)
 
6% Student (Bachelor)
by Country
 
41% United States
 
24% China
 
6% South Korea