SaTC: CORE: Small: Concolic-Execution-Centric Fuzzing
University Of California-Riverside, Riverside CA
Investigators
Abstract
In software security, it is imperative to discover vulnerabilities in software and patch them before attackers exploit them. Fuzzing, which tests a target program with mutated inputs, is an effective technique for vulnerability discovery. Whitebox fuzzing (also known as concolic execution) collects detailed runtime information such as path constraints to precisely determine which input bytes to change and how to change them. Unfortunately, concolic execution has not been widely used, because of its low efficiency, lack of scalability, and unsatisfactory usability. This project aims to bring vulnerability discovery capability to the next level by significantly improving the efficiency, scalability, and usability of concolic execution, and designing a fuzzing system with concolic execution being the central component. The proposed research, if successful, can push vulnerability-discovery research to another level: finding vulnerabilities much faster than before, and finding vulnerabilities that are otherwise impossible to find using the existing techniques. As a result, more vulnerabilities can be patched before attackers find and exploit them, improving the security and quality of software systems. This project aims to develop: (1) a fast binary-code concolic execution engine, which significantly improves the efficiency of concolic execution for binary code by automatically switching between concrete mode and symbolic mode; (2) dual concolic execution, which combines source-code concolic execution and binary-code concolic execution to achieve best efficiency and usability simultaneously; and (3) a new hybrid fuzzing framework, in which concolic execution plays a central role, in terms of whether or not to flip a branch, which testcase to select next, and which testcases are discarded or synchronized with the other fuzzers. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →