Invivo Fuzzing by Amplifying Actual Executions

Abstract: A major bottleneck that remains when fuzzing software libraries is the need for fuzz drivers, i.e., the glue code between the fuzzer and the library. Despite years of fuzzing, critical security flaws are still found, e.g., by manual auditing, because the fuzz drivers do not cover the complex interactions between the library and the host programs using it. In this work we propose an alternative approach to library fuzzing, which leverages a valid execution context that is set up by a given program using the library (the host) and amplifies its execution. More specifically, we execute the host until a designated function from a list of target functions has been reached, and then perform coverage-guided function-level fuzzing on it. Once the fuzzing quota is exhausted, we move on to fuzzing the next target from the list. In this way we not only reduce the amount of manual work needed by a developer to incorporate fuzzing into their workflow, but we also allow the fuzzer to explore parts of the library as they are used in real-world programs that may otherwise not have been tested due to the simplicity of most fuzz drivers.

Bibliographic Details

Published in: Proceedings / International Conference on Software Engineering, pp. 1566-1578
Main Authors: Galland, Octavio; Böhme, Marcel
Format: Conference Proceeding
Language: English
Published: IEEE, 26.04.2025
ISSN: 1558-1225
Author affiliations: Octavio Galland (Canonical, Argentina); Marcel Böhme (MPI-SP, Germany)
Conference: ICSE 2025 (Proceedings / International Conference on Software Engineering)
DOI: 10.1109/ICSE55347.2025.00172
EISBN: 9798331505691
EISSN: 1558-1225
Pages: 1566-1578 (13 pages)
Genre: original research
Open access link: https://ieeexplore.ieee.org/document/11029862
Subject terms: Codes; Fuzzing; Manuals; Security; Software libraries