No Linux, No Problem: Fast and Correct Windows Binary Fuzzing via Target-embedded Snapshotting
| dc.contributor.author | Stone, Leo Calvin | en |
| dc.contributor.committeechair | Hicks, Matthew | en |
| dc.contributor.committeemember | Meng, Na | en |
| dc.contributor.committeemember | Hoang, Thang | en |
| dc.contributor.department | Computer Science and Applications | en |
| dc.date.accessioned | 2023-05-20T08:00:21Z | en |
| dc.date.available | 2023-05-20T08:00:21Z | en |
| dc.date.issued | 2023-05-19 | en |
| dc.description.abstract | Coverage-guided fuzzing remains today's most successful approach for exposing software security vulnerabilities. Speed is paramount in fuzzing, as maintaining a high test case throughput enables more expeditious exploration of programs—leading to faster vulnerability discovery. High-performance fuzzers exploit the Linux kernel's customizability to implement process snapshotting: fuzzing-oriented execution primitives that dramatically increase fuzzing throughput. Unfortunately, such speeds remain elusive on Windows. The closed-source nature of its kernel prevents current kernel-based snapshotting techniques from being ported—severely limiting fuzzing's effectiveness on Windows programs. Thus, accelerating vetting of the Windows software ecosystem demands a fast, correct, and kernel-agnostic fuzzing execution mechanism. We propose making state snapshotting an application-level concern as opposed to a kernel-level concern via target-embedded snapshotting. Target-embedded-snapshotting combines binary- and library-level hooking to allow applications to snapshot themselves—while leaving both their source code and the Windows kernel untouched. Our evaluation on 10 real-world Windows binaries shows that target-embedded snapshotting overcomes the speed, correctness, and compatibility challenges of previous Windows fuzzing execution mechanisms (i.e., process creation, forkserver-based cloning, and in-memory looping). The result is 7–182x increased performance. | en |
| dc.description.abstractgeneral | Fuzzing, a type of automated analysis, is one of the most effective techniques for finding security vulnerabilities in programs. It works by creating randomized inputs for the program being analyzed, and then observing the effect of processing those inputs on the program. If an input causes a crash or other behavior that could be exploitable by malicious actors, the input is saved so that a human analyst can reproduce this behavior later to find and fix the underlying bug. In short, fuzzing is a tool for automatically exposing weaknesses in programs, so they can be fixed before they are exploited or cause software malfunction. We propose an improved version of the current most effective fuzzer for Windows programs, which uses a new technique for managing program state that allows for better performance while maintaining correctness, and thus discovers more bugs. | en |
| dc.description.degree | Master of Science | en |
| dc.format.medium | ETD | en |
| dc.identifier.other | vt_gsexam:36889 | en |
| dc.identifier.uri | http://hdl.handle.net/10919/115124 | en |
| dc.language.iso | en | en |
| dc.publisher | Virginia Tech | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | fuzzing | en |
| dc.subject | security | en |
| dc.subject | windows | en |
| dc.title | No Linux, No Problem: Fast and Correct Windows Binary Fuzzing via Target-embedded Snapshotting | en |
| dc.type | Thesis | en |
| thesis.degree.discipline | Computer Science and Applications | en |
| thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
| thesis.degree.level | masters | en |
| thesis.degree.name | Master of Science | en |
Files
Original bundle
1 - 1 of 1