Home » Publication » 22146

Dettaglio pubblicazione

2020, Proceedings - 2020 IEEE Secure Development, SecDev 2020, Pages 23-30

Fuzzing Binaries for Memory Safety Errors with QASan (04b Atto di convegno in volume)

Fioraldi A., Delia D. C., Querzoni L.

Fuzz testing techniques are becoming pervasive for their ever-improving ability to generate crashing trial cases for programs. Memory safety violations however can lead to silent corruptions and errors, and a fuzzer may recognize them only in the presence of sanitization machinery. For closed-source software combining sanitization with fuzzing incurs practical obstacles that we try to tackle with an architecture-independent proposal called QASan for detecting heap memory violations. In our tests QASan is competitive with standalone sanitizers and adds a moderate 1.61x average slowdown to the AFL++ fuzzer while enabling it to reveal more heap-related bugs.
ISBN: 978-1-7281-8388-6
Gruppo di ricerca: Cybersecurity
© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma