[Review] autofz: Automated Fuzzer Composition at Runtime

This paper proposes a new fuzzing mechanism that integrates several fuzzers into a single fuzzing process. For every workload, one or several fuzzers are chosen as the optimal mixture and employed for fuzzing. Unlike earlier work, autofz:

  1. Does not need presetting or human effort.
  2. Allocates fuzzers per workload rather than per program.

Background:

  • A large number of fuzzers have been created, which makes it difficult to choose a proper fuzzer for a specific fuzzing task.
  • No universal fuzzer perpetually outperforms the others, so choosing an optimal fuzzer is difficult.
  • The efficiency of a fuzzer may not last for the whole fuzzing process.
  • Fuzzing is a random process, so a fuzzer that is optimal once may not always be.

Implementation:

  • Divides the fuzzing process into two phases: a preparation phase and a focus phase.
  • In the preparation phase, autofz tests every fuzzer and finds one or several well-performing fuzzers.
  • In the focus phase, autofz allocates different resources to the fuzzers chosen in the preparation phase to perform fuzzing.
  • A workload is composed of a preparation phase and a focus phase, and a fuzzing process is composed of several workloads.
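To make the workload loop concrete, here is an added simulation (not the paper's or the autofz project's code) of the two phases: every fuzzer gets an equal slice in the preparation phase, the best performers are kept, and the focus budget is split in proportion to measured gain. The fuzzers are constructed stand-ins with assumed edges-per-second rates, and the `keep_ratio` selection rule is an assumption of this example, not autofz's own heuristic.

```python
"""Added illustration (not the paper's code) of autofz-style composition:
per workload, a preparation phase gives every fuzzer an equal CPU slice and
measures its coverage gain, then a focus phase splits the remaining budget
among the best performers in proportion to that gain. The keep_ratio rule
is an assumption of this example, not autofz's own selection heuristic."""
from typing import Callable, Dict, List
# A fuzzer is modelled as a callable: CPU seconds in, new coverage edges out.
Fuzzer = Callable[[float], float]

def prepare(fuzzers: Dict[str, Fuzzer], prep_budget: float) -> Dict[str, float]:
    """Preparation phase: equal slice for every fuzzer, record its gain."""
    slice_sec = prep_budget / len(fuzzers)
    return {name: fz(slice_sec) for name, fz in fuzzers.items()}

def select(gains: Dict[str, float], keep_ratio: float) -> Dict[str, float]:
    """Keep every fuzzer whose gain reaches keep_ratio * the best gain."""
    best = max(gains.values())
    if best <= 0:  # no signal this workload: keep all rather than none
        return dict(gains)
    return {n: g for n, g in gains.items() if g >= keep_ratio * best}

def allocate(selected: Dict[str, float], focus_budget: float) -> Dict[str, float]:
    """Focus phase: split the budget proportionally to measured gain."""
    total = sum(selected.values())
    if total <= 0:
        return {n: focus_budget / len(selected) for n in selected}
    return {n: focus_budget * g / total for n, g in selected.items()}

def run_workload(fuzzers, prep_budget, focus_budget, keep_ratio=0.5):
    """One workload: preparation phase, selection, focus-phase allocation."""
    gains = prepare(fuzzers, prep_budget)
    return allocate(select(gains, keep_ratio), focus_budget)

def run_campaign(rates: Dict[str, List[float]], prep_budget=30, focus_budget=120):
    """Repeat both phases for every workload so the allocation can shift."""
    plans = []
    for i in range(len(next(iter(rates.values())))):
        # constructed stand-in fuzzers: gain is linear in CPU time this workload
        fuzzers = {n: (lambda sec, r=rs[i]: r * sec) for n, rs in rates.items()}
        plans.append(run_workload(fuzzers, prep_budget, focus_budget))
    return plans

# Constructed productivity profiles (edges per CPU second) for 3 workloads:
# afl starts strong and fades, mopt ramps up, radamsa stays flat throughout.
EXAMPLE_RATES = {"afl": [10, 10, 1], "mopt": [4, 6, 12], "radamsa": [1, 1, 1]}

if __name__ == "__main__":
    for k, plan in enumerate(run_campaign(EXAMPLE_RATES), 1):
        print(f"workload {k}: {plan}")
```

Because the phases are re-run per workload, the allocation follows the fuzzers' changing productivity: afl alone, then afl plus mopt, then mopt alone.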

Evaluation:

  • Setup: Ubuntu 20.04 on an AMD Ryzen 9 3900 with 24 cores and 32 GB of memory.
  • Baseline fuzzers: AFL, AFLFast, MOpt, FairFuzz, LearnAFL, QSYM, Angora, Redqueen, Radamsa, LAF-INTEL, and libFuzzer.
  • Evaluates coverage, bugs found, and elasticity, and compares against collaborative fuzzing.

Future work:

  • A better approach to choosing the optimal fuzzers in the preparation phase.
  • How to automatically choose the fuzzer set to use.

Source: https://gax-c.github.io/blog/2023/10/31/16_paper_review_6/

Author: Gax

Posted on 2023-10-31, updated on 2023-11-01