1dFuzz: Reproduce 1-Day Vulnerabilities with Directed Differential Fuzzing
1-day vulnerabilities are common in practice and have posed severe threats to end users, as adversaries could learn from released patches to find them and exploit them. Reproducing 1-day vulnerabilities is also crucial for defenders, e.g., to block attack traffic against 1-day vulnerabilities. A core question that affects the effectiveness of recognizing and triggering 1-day vulnerabilities is what is the unique feature of a security patch. After conducting a large-scale empirical study, we point out that a common and unique feature of patches is the trailing call sequence (TCS) and present a novel directed differential fuzzing solution 1dFuzz to efficiently reproduce 1-day vulnerabilities in this paper. Based on the TCS feature, we present a locator 1dLoc able to find candidate patch locations via static analysis, a novel TCS-based distance metric for directed fuzzing, and a novel sanitizer 1dSan able to catch PoCs for 1-day vulnerabilities during fuzzing. We have systematically evaluated 1dFuzz on a set of real-world software vulnerabilities in 11 different settings. Results show that 1dFuzz significantly outperforms state-of-the-art (SOTA) baselines and could find up to 2.26x more 1-day vulnerabilities with a 43% shorter time.
Wed 19 JulDisplayed time zone: Pacific Time (US & Canada) change
15:30 - 17:00 | ISSTA Online 5: Domain-Specific TestingTechnical Papers at Habib Classroom (Gates G01) Chair(s): Michal Young University of Oregon | ||
15:30 10mTalk | DeUEDroid: Detecting Underground Economy Apps Based on UTG Similarity Technical Papers Zhuo Chen Zhejiang University; Ant Group, Jie Liu Ant Group, Yubo Hu Xidian University, Lei Wu Zhejiang University, Yajin Zhou Zhejiang University, Yiling He Zhejiang University, Xianhao Liao Ant Group, Ke Wang Ant Group, Jinku Li Xidian University, Zhan Qin Zhejiang University DOI | ||
15:40 10mTalk | Precise and Efficient Patch Presence Test for Android Applications against Code Obfuscation Technical Papers Zifan Xie Huazhong University of Science and Technology, Ming Wen Huazhong University of Science and Technology, Haoxiang Jia Huazhong University of Science and Technology, Xiaochen Guo Huazhong University of Science and Technology, Xiaotong Huang Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology DOI | ||
15:50 10mTalk | DDLDroid: Efficiently Detecting Data Loss Issues in Android Apps Technical Papers Yuhao Zhou Nanjing University of Science and Technology, Wei Song Nanjing University of Science and Technology DOI | ||
16:00 10mTalk | Exploring Missed Optimizations in WebAssembly Optimizers Technical Papers Zhibo Liu Hong Kong University of Science and Technology, Dongwei Xiao Hong Kong University of Science and Technology, Li Zongjie Hong Kong University of Science and Technology, Shuai Wang Hong Kong University of Science and Technology, Wei Meng Chinese University of Hong Kong DOI | ||
16:10 10mTalk | Vectorizing Program Ingredients for Better JVM Testing Technical Papers Tianchang Gao Tianjin University, Junjie Chen Tianjin University, Yingquan Zhao Tianjin University, Yuqun Zhang Southern University of Science and Technology, Lingming Zhang University of Illinois at Urbana-Champaign DOI | ||
16:20 10mTalk | 1dFuzz: Reproduce 1-Day Vulnerabilities with Directed Differential Fuzzing Technical Papers Songtao Yang Tsinghua University, Yubo He Information Engineering University, Kaixiang Chen Tsinghua University, Zheyu Ma Tsinghua University, Xiapu Luo Hong Kong Polytechnic University, Yong Xie Qinghai University, Jianjun Chen Tsinghua University, Chao Zhang Tsinghua University DOI | ||
16:30 10mTalk | SBDT: Search-Based Differential Testing of Certificate Parsers in SSL/TLS Implementations Technical Papers Chu Chen Qufu Normal University, Pinghong Ren Qufu Normal University, Zhenhua Duan Xidian University, Cong Tian Xidian University, Xu Lu Xidian University, Bin Yu Xidian University DOI | ||
16:40 10mTalk | Silent Compiler Bug De-duplication via Three-Dimensional Analysis Technical Papers Chen Yang Tianjin University, Junjie Chen Tianjin University, Xingyu Fan Tianjin University, Jiajun Jiang Tianjin University, Jun Sun Singapore Management University DOI | ||
16:50 10mTalk | Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features Technical Papers Yiming Zhang Southern University of Science and Technology; Hong Kong Polytechnic University, Yuxin Hu Southern University of Science and Technology, Haonan Li Southern University of Science and Technology, Wenxuan Shi Southern University of Science and Technology, Zhenyu Ning Hunan University; Southern University of Science and Technology, Xiapu Luo Hong Kong Polytechnic University, Fengwei Zhang Southern University of Science and Technology DOI | ||