[Review] Titan : Efficient Multi-target Directed Greybox Fuzzing

Link here

The paper presents a multi-target directed fuzzing method: instead of steering execution towards one target at a time, it fuzzes many targets in the program simultaneously.

Titan is the fuzzer proposed to do this. It infers the correlations between the various targets in the program and, using those correlations, optimizes input generation so that a single input can make progress towards several targets at once.

repo

Introduction:

In practice, more than 1000 potential targets may need verification, which is costly. Existing directed fuzzers aim at only one target at a time, which lowers verification efficiency; according to the paper, launching a separate fuzzing instance per target is also 3.6x slower than running one instance against one target at a time.

One root cause of this challenge is that existing approaches are unaware of the correlations between the targets and, as a result, can degenerate to undirected fuzzing as the number of targets grows. The paper calls this the synergy ignorance problem.

Under these circumstances, Titan is created.

Implementation:

  • Classify the correlations between targets into three kinds: overlapping, conflicting, and independent.

  1. Use a static analyzer to infer the correlations among multiple targets from their path conditions.
  2. Design a synergy-aware fuzzer that generates inputs for multiple targets at once, guided by those correlations.
  • To deploy the synergy-aware fuzzer efficiently, the correlations between input bytes are also worked out, so that bytes belonging to different targets can be mutated simultaneously without one target's progress destroying another's.
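To make the three correlation classes concrete, here is an added toy illustration. It is not Titan's code: Titan infers path conditions with a static analyzer, whereas this example models each target's path condition as a constructed map from input byte offset to the set of allowed values. Under that simplification, two targets are independent if they constrain disjoint bytes, conflicting if some shared byte admits no value acceptable to both, and overlapping otherwise; conflict-free targets can then share one seed while the unconstrained bytes stay free for mutation. The target names and constraints are made up.

```python
# Added illustration (not Titan's implementation): classify correlations between
# fuzzing targets from simplified path conditions and plan simultaneous mutation.
# A path condition is modelled as {byte offset: allowed values}; this is a
# constructed stand-in for the symbolic conditions a static analyzer would infer.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

PathCond = Dict[int, FrozenSet[int]]  # byte offset -> allowed byte values


@dataclass
class Target:
    name: str
    cond: PathCond


def classify(a: Target, b: Target) -> str:
    """Return 'independent', 'conflicting' or 'overlapping' for a pair of targets."""
    shared = a.cond.keys() & b.cond.keys()
    if not shared:
        return "independent"   # disjoint bytes: both can be mutated at the same time
    if any(not (a.cond[off] & b.cond[off]) for off in shared):
        return "conflicting"   # some byte would have to hold two different values
    return "overlapping"       # same bytes, compatible constraints


def correlation_matrix(targets: List[Target]) -> Dict[Tuple[str, str], str]:
    """Pairwise correlation of every target with every later target."""
    return {(a.name, b.name): classify(a, b)
            for i, a in enumerate(targets) for b in targets[i + 1:]}


def group_compatible(targets: List[Target]) -> List[List[Target]]:
    """Greedily partition targets so that no group contains a conflicting pair;
    one input can then be driven towards every target in a group at once."""
    groups: List[List[Target]] = []
    for t in targets:
        for g in groups:
            if all(classify(t, m) != "conflicting" for m in g):
                g.append(t)
                break
        else:
            groups.append([t])
    return groups


def synthesize_input(group: List[Target], length: int, fill: int = 0) -> bytes:
    """Build one seed that satisfies every path condition in a conflict-free group.
    For each constrained offset the allowed sets are intersected and the smallest
    surviving value is chosen; unconstrained bytes get `fill`."""
    data = bytearray([fill] * length)
    for off in range(length):
        allowed = None
        for t in group:
            if off in t.cond:
                allowed = t.cond[off] if allowed is None else allowed & t.cond[off]
        if allowed is not None:
            if not allowed:
                raise ValueError(f"byte {off} is over-constrained by the group")
            data[off] = min(allowed)
    return bytes(data)


def mutable_bytes(group: List[Target], length: int) -> List[int]:
    """Offsets no target in the group constrains: mutating them cannot break
    reachability of any target in the group, so they are safe to fuzz freely."""
    pinned = set().union(*(t.cond.keys() for t in group))
    return [off for off in range(length) if off not in pinned]


def satisfies(t: Target, data: bytes) -> bool:
    """Check whether a concrete input meets a target's (simplified) path condition."""
    return all(off < len(data) and data[off] in allowed
               for off, allowed in t.cond.items())


# Constructed targets: two that both need an ELF-like header, one that needs a
# different magic, and one that only constrains a length byte.
TARGETS = [
    Target("hdr_magic", {0: frozenset({0x7F}), 1: frozenset({ord("E")})}),
    Target("hdr_class", {0: frozenset({0x7F}), 1: frozenset({ord("E")}),
                         2: frozenset({ord("L"), ord("F")})}),
    Target("alt_magic", {0: frozenset({ord("M"), ord("Z")})}),
    Target("len_check", {8: frozenset(range(1, 16))}),
]

if __name__ == "__main__":
    for pair, kind in correlation_matrix(TARGETS).items():
        print(f"{pair[0]:>10} vs {pair[1]:<10} {kind}")
    for g in group_compatible(TARGETS):
        seed = synthesize_input(g, 12)
        print([t.name for t in g], seed, "free bytes:", mutable_bytes(g, 12))
```

The greedy grouping is where the synergy shows up: hdr_magic, hdr_class and len_check land in one group and share a single seed, while alt_magic, which conflicts with the first two on byte 0, gets its own. Bytes 3 to 7 and 9 to 11 of the shared seed can be mutated without knocking the input off the path to any target in that group.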

Evaluation:

To answer four questions:

  • RQ1: How efficiently can Titan reproduce the vulnerabilities compared with other fuzzers?
  • RQ2: How effectively do the correlations inferred by Titan help reproduce the vulnerabilities?
  • RQ3: How effectively can Titan help other directed fuzzing for multiple targets?
  • RQ4: What is the runtime overhead brought by Titan?

Comparison setup:

  • Benchmark: Magma, plus a study on detecting incomplete fixes.

Future work:

  • The paper focuses only on reaching the targets; it does not explore further once a target is reached.


https://gax-c.github.io/blog/2023/11/13/19_paper_review_9/

Author: Gax

Posted on: 2023-11-13

Updated on: 2023-11-13