
Research Article
Integrity: Finding Integer Errors by Targeted Fuzzing
@INPROCEEDINGS{10.1007/978-3-030-63086-7_20,
  author={Yuyang Rong and Peng Chen and Hao Chen},
  title={Integrity: Finding Integer Errors by Targeted Fuzzing},
  proceedings={Security and Privacy in Communication Networks. 16th EAI International Conference, SecureComm 2020, Washington, DC, USA, October 21-23, 2020, Proceedings, Part I},
  proceedings_a={SECURECOMM},
  year={2020},
  month={12},
  keywords={Fuzzing Integer errors Software security},
  doi={10.1007/978-3-030-63086-7_20}
}
- Yuyang Rong
- Peng Chen
- Hao Chen
Year: 2020
Integrity: Finding Integer Errors by Targeted Fuzzing
SECURECOMM
Springer
DOI: 10.1007/978-3-030-63086-7_20
Abstract
Integer arithmetic errors are a major source of software vulnerabilities. Since they rarely cause crashes, they are unlikely to be found by fuzzers without special techniques to trigger them. We design and implement Integrity, which finds integer errors using fuzzing. Our key contribution is that, by targeted instrumentation, we empower fuzzers with the ability to trigger integer errors. In our evaluation, Integrity found all the integer errors in the Juliet test suite with no false positives. On 9 popular open source programs, Integrity found a total of 174 true errors, including 8 crashes and 166 non-crashing errors. A major challenge during error review was how to determine whether a non-crashing error was harmful. While solving this problem precisely is challenging because it depends on the semantics of the program, we propose two methods to find potentially harmful errors, based on the statistics of traces produced by the fuzzer and on comparing the output of independent implementations of the same algorithm. Our evaluation demonstrated that Integrity is effective in finding integer errors.
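The abstract's central point is that integer errors are silent: an overflowed multiplication or a narrowing conversion produces a wrong value and execution continues, so a fuzzer that only watches for crashes never learns anything happened. The example below, written for this page and not taken from the paper or the Integrity tool, shows the shape of the instrumentation idea in plain C: each arithmetic operation of interest is replaced by an overflow-checking form (here the GCC/Clang `__builtin_*_overflow` builtins), and a report hook (the hypothetical `report_integer_error`) is called when an error occurs. In a fuzzing build that hook would abort so the input is kept as a crash; here it only counts reports so the behaviour can be checked without terminating the process. The `alloc_size_*` functions and their inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Number of integer errors reported so far (hypothetical sink for the instrumentation). */
static unsigned long g_integer_errors = 0;

/* Report hook: in a fuzzing build this would call abort() so the fuzzer records
   the input as a crash; in this example it only counts and logs the event. */
static void report_integer_error(const char *op, const char *where) {
    g_integer_errors++;
    fprintf(stderr, "integer error: %s in %s\n", op, where);
}

unsigned long integer_errors_reported(void) { return g_integer_errors; }
void reset_integer_errors(void) { g_integer_errors = 0; }

/* Uninstrumented allocation-size computation: count * elem_size wraps silently
   in 32-bit unsigned arithmetic and execution continues with a tiny size. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Instrumented equivalent: the multiply is replaced by an overflow-checking
   builtin, so the same input now produces an observable report. The wrapped
   value is still returned, matching what the uninstrumented code would do. */
uint32_t alloc_size_checked(uint32_t count, uint32_t elem_size) {
    uint32_t result;
    if (__builtin_mul_overflow(count, elem_size, &result)) {
        report_integer_error("unsigned multiply overflow", "alloc_size_checked");
    }
    return result;
}

/* Signed addition with the same treatment (signed overflow is undefined in C,
   so the builtin is also the only portable way to observe it). */
int32_t add_checked(int32_t a, int32_t b) {
    int32_t result;
    if (__builtin_add_overflow(a, b, &result)) {
        report_integer_error("signed add overflow", "add_checked");
    }
    return result;
}

/* Narrowing conversion check: a 64-bit length truncated to 32 bits is a
   classic non-crashing integer error; report it before truncating. */
uint32_t narrow_checked(uint64_t v) {
    if (v > UINT32_MAX) {
        report_integer_error("narrowing truncation", "narrow_checked");
    }
    return (uint32_t)v;
}

int main(void) {
    /* Constructed inputs: 0x40000000 elements of 8 bytes is 0x200000000 bytes,
       which does not fit in 32 bits and wraps to 0. */
    uint32_t silent = alloc_size_unchecked(0x40000000u, 8u);
    uint32_t seen = alloc_size_checked(0x40000000u, 8u);
    printf("unchecked size: %u, checked size: %u, reports: %lu\n",
           silent, seen, integer_errors_reported());
    return 0;
}
```

The counting hook is what makes the difference visible in a test harness; the fuzzer-facing variant of the same hook simply aborts, which is all a crash-driven fuzzer needs to keep the triggering input.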