Ifuzzer:: An evolutionary interpreter fuzzer using genetic programming

Spandan Veggalam; Sanjay Rawat; Istvan Haller; Herbert Bos

doi:10.1007/978-3-319-45744-4_29

Ifuzzer: An evolutionary interpreter fuzzer using genetic programming

Spandan Veggalam, Sanjay Rawat, Istvan Haller, Herbert Bos

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

92 Citations (Scopus)

Abstract

We present an automated evolutionary fuzzing technique to find bugs in JavaScript interpreters. Fuzzing is an automated black box testing technique used for finding security vulnerabilities in the software by providing random data as input. However, in the case of an interpreter, fuzzing is challenging because the inputs are piece of codes that should be syntactically/semantically valid to pass the interpreter’s elementary checks. On the other hand, the fuzzed input should also be uncommon enough to trigger exceptional behavior in the interpreter, such as crashes, memory leaks and failing assertions. In our approach, we use evolutionary computing techniques, specifically genetic programming, to guide the fuzzer in generating uncommon input code fragments that may trigger exceptional behavior in the interpreter. We implement a prototype named IFuzzer to evaluate our technique on real-world examples. IFuzzer uses the language grammar to generate valid inputs. We applied IFuzzer first on an older version of the JavaScript interpreter of Mozilla (to allow for a fair comparison to existing work) and found 40 bugs, of which 12 were exploitable. On subsequently targeting the latest builds of the interpreter, IFuzzer found 17 bugs, of which four were security bugs.

Original language	English
Title of host publication	European Symposium on Research in Computer Security
Subtitle of host publication	ESORICS 2016. Lecture Notes in Computer Science
Pages	581-601
Number of pages	21
Volume	9878
ISBN (Electronic)	9783319457444
DOIs	https://doi.org/10.1007/978-3-319-45744-4_29
Publication status	Published - 15 Sept 2016

Publication series

Name
ISSN (Print)	0302-9743

Access to Document

10.1007/978-3-319-45744-4_29

Handle.net

Persistent link

Cite this

@inproceedings{3af56526f3604ade904c708581c58da5,

title = "Ifuzzer:: An evolutionary interpreter fuzzer using genetic programming",

abstract = "We present an automated evolutionary fuzzing technique to find bugs in JavaScript interpreters. Fuzzing is an automated black box testing technique used for finding security vulnerabilities in the software by providing random data as input. However, in the case of an interpreter, fuzzing is challenging because the inputs are piece of codes that should be syntactically/semantically valid to pass the interpreter{\textquoteright}s elementary checks. On the other hand, the fuzzed input should also be uncommon enough to trigger exceptional behavior in the interpreter, such as crashes, memory leaks and failing assertions. In our approach, we use evolutionary computing techniques, specifically genetic programming, to guide the fuzzer in generating uncommon input code fragments that may trigger exceptional behavior in the interpreter. We implement a prototype named IFuzzer to evaluate our technique on real-world examples. IFuzzer uses the language grammar to generate valid inputs. We applied IFuzzer first on an older version of the JavaScript interpreter of Mozilla (to allow for a fair comparison to existing work) and found 40 bugs, of which 12 were exploitable. On subsequently targeting the latest builds of the interpreter, IFuzzer found 17 bugs, of which four were security bugs.",

author = "Spandan Veggalam and Sanjay Rawat and Istvan Haller and Herbert Bos",

year = "2016",

month = sep,

day = "15",

doi = "10.1007/978-3-319-45744-4\_29",

language = "English",

isbn = "9783319457437",

volume = "9878",

pages = "581--601",

booktitle = "European Symposium on Research in Computer Security",

}

Ifuzzer: An evolutionary interpreter fuzzer using genetic programming. / Veggalam, Spandan; Rawat, Sanjay; Haller, Istvan et al.
European Symposium on Research in Computer Security: ESORICS 2016. Lecture Notes in Computer Science. Vol. 9878 2016. p. 581-601.

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Ifuzzer:

T2 - An evolutionary interpreter fuzzer using genetic programming

AU - Veggalam, Spandan

AU - Rawat, Sanjay

AU - Haller, Istvan

AU - Bos, Herbert

PY - 2016/9/15

Y1 - 2016/9/15

N2 - We present an automated evolutionary fuzzing technique to find bugs in JavaScript interpreters. Fuzzing is an automated black box testing technique used for finding security vulnerabilities in the software by providing random data as input. However, in the case of an interpreter, fuzzing is challenging because the inputs are piece of codes that should be syntactically/semantically valid to pass the interpreter’s elementary checks. On the other hand, the fuzzed input should also be uncommon enough to trigger exceptional behavior in the interpreter, such as crashes, memory leaks and failing assertions. In our approach, we use evolutionary computing techniques, specifically genetic programming, to guide the fuzzer in generating uncommon input code fragments that may trigger exceptional behavior in the interpreter. We implement a prototype named IFuzzer to evaluate our technique on real-world examples. IFuzzer uses the language grammar to generate valid inputs. We applied IFuzzer first on an older version of the JavaScript interpreter of Mozilla (to allow for a fair comparison to existing work) and found 40 bugs, of which 12 were exploitable. On subsequently targeting the latest builds of the interpreter, IFuzzer found 17 bugs, of which four were security bugs.

AB - We present an automated evolutionary fuzzing technique to find bugs in JavaScript interpreters. Fuzzing is an automated black box testing technique used for finding security vulnerabilities in the software by providing random data as input. However, in the case of an interpreter, fuzzing is challenging because the inputs are piece of codes that should be syntactically/semantically valid to pass the interpreter’s elementary checks. On the other hand, the fuzzed input should also be uncommon enough to trigger exceptional behavior in the interpreter, such as crashes, memory leaks and failing assertions. In our approach, we use evolutionary computing techniques, specifically genetic programming, to guide the fuzzer in generating uncommon input code fragments that may trigger exceptional behavior in the interpreter. We implement a prototype named IFuzzer to evaluate our technique on real-world examples. IFuzzer uses the language grammar to generate valid inputs. We applied IFuzzer first on an older version of the JavaScript interpreter of Mozilla (to allow for a fair comparison to existing work) and found 40 bugs, of which 12 were exploitable. On subsequently targeting the latest builds of the interpreter, IFuzzer found 17 bugs, of which four were security bugs.

U2 - 10.1007/978-3-319-45744-4_29

DO - 10.1007/978-3-319-45744-4_29

M3 - Conference Contribution (Conference Proceeding)

SN - 9783319457437

VL - 9878

SP - 581

EP - 601

BT - European Symposium on Research in Computer Security