Boosting fuzzer efficiency: an information theoretic perspective

Marcel Böhme; Valentin J.M. Manès; Sang Kil Cha

doi:10.1145/3368089.3409748

Boosting fuzzer efficiency: an information theoretic perspective

Marcel Böhme, Valentin J.M. Manès, Sang Kil Cha

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

108 Citations (Scopus)

Abstract

In this paper, we take the fundamental perspective of fuzzing as a learning process. Suppose before fuzzing, we know nothing about the behaviors of a program P: What does it do? Executing the first test input, we learn how P behaves for this input. Executing the next input, we either observe the same or discover a new behavior. As such, each execution reveals "some amount"of information about P's behaviors. A classic measure of information is Shannon's entropy. Measuring entropy allows us to quantify how much is learned from each generated test input about the behaviors of the program. Within a probabilistic model of fuzzing, we show how entropy also measures fuzzer efficiency. Specifically, it measures the general rate at which the fuzzer discovers new behaviors. Intuitively, efficient fuzzers maximize information. From this information theoretic perspective, we develop Entropic, an entropy-based power schedule for greybox fuzzing which assigns more energy to seeds that maximize information. We implemented Entropic into the popular greybox fuzzer LibFuzzer. Our experiments with more than 250 open-source programs (60 million LoC) demonstrate a substantially improved efficiency and confirm our hypothesis that an efficient fuzzer maximizes information. Entropic has been independently evaluated and invited for integration into main-line LibFuzzer. Entropic now runs on more than 25,000 machines fuzzing hundreds of security-critical software systems simultaneously and continuously.

Original language	English
Title of host publication	Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Editors	Prem Devanbu, Myra Cohen, Thomas Zimmermann
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	678-689
Number of pages	12
ISBN (Electronic)	9781450370431
DOIs	https://doi.org/10.1145/3368089.3409748
Publication status	Published - 2020
Event	Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering 2020 - Virtual, United States of America Duration: 8 Nov 2020 → 13 Nov 2020 Conference number: 28th https://dl.acm.org/doi/proceedings/10.1145/3368089 (Proceedings) https://2020.esec-fse.org (Website)

Conference

Conference	Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering 2020
Abbreviated title	ESEC/FSE 2020
Country/Territory	United States of America
City	Virtual
Period	8/11/20 → 13/11/20
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3368089 (Proceedings) https://2020.esec-fse.org (Website)

Keywords

Efficiency
Entropy
Fuzzing
Information theory
Software testing

Access to Document

10.1145/3368089.3409748

Cite this

Böhme, M., Manès, V. J. M., & Cha, S. K. (2020). Boosting fuzzer efficiency: an information theoretic perspective. In P. Devanbu, M. Cohen, & T. Zimmermann (Eds.), Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 678-689). Association for Computing Machinery (ACM). https://doi.org/10.1145/3368089.3409748

Böhme, Marcel ; Manès, Valentin J.M. ; Cha, Sang Kil. / Boosting fuzzer efficiency : an information theoretic perspective. Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. editor / Prem Devanbu ; Myra Cohen ; Thomas Zimmermann. New York NY USA : Association for Computing Machinery (ACM), 2020. pp. 678-689

@inproceedings{2d759002e8b84c07b8eda7aa205dacee,

title = "Boosting fuzzer efficiency: an information theoretic perspective",

abstract = "In this paper, we take the fundamental perspective of fuzzing as a learning process. Suppose before fuzzing, we know nothing about the behaviors of a program P: What does it do? Executing the first test input, we learn how P behaves for this input. Executing the next input, we either observe the same or discover a new behavior. As such, each execution reveals {"}some amount{"}of information about P's behaviors. A classic measure of information is Shannon's entropy. Measuring entropy allows us to quantify how much is learned from each generated test input about the behaviors of the program. Within a probabilistic model of fuzzing, we show how entropy also measures fuzzer efficiency. Specifically, it measures the general rate at which the fuzzer discovers new behaviors. Intuitively, efficient fuzzers maximize information. From this information theoretic perspective, we develop Entropic, an entropy-based power schedule for greybox fuzzing which assigns more energy to seeds that maximize information. We implemented Entropic into the popular greybox fuzzer LibFuzzer. Our experiments with more than 250 open-source programs (60 million LoC) demonstrate a substantially improved efficiency and confirm our hypothesis that an efficient fuzzer maximizes information. Entropic has been independently evaluated and invited for integration into main-line LibFuzzer. Entropic now runs on more than 25,000 machines fuzzing hundreds of security-critical software systems simultaneously and continuously.",

keywords = "Efficiency, Entropy, Fuzzing, Information theory, Software testing",

author = "Marcel B{\"o}hme and Man{\`e}s, \{Valentin J.M.\} and Cha, \{Sang Kil\}",

year = "2020",

doi = "10.1145/3368089.3409748",

language = "English",

pages = "678--689",

editor = "Prem Devanbu and Myra Cohen and Thomas Zimmermann",

booktitle = "Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering",

publisher = "Association for Computing Machinery (ACM)",

address = "United States of America",

note = "Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering 2020, ESEC/FSE 2020 ; Conference date: 08-11-2020 Through 13-11-2020",

url = "https://dl.acm.org/doi/proceedings/10.1145/3368089, https://2020.esec-fse.org",

}

Böhme, M, Manès, VJM & Cha, SK 2020, Boosting fuzzer efficiency: an information theoretic perspective. in P Devanbu, M Cohen & T Zimmermann (eds), Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. Association for Computing Machinery (ACM), New York NY USA, pp. 678-689, Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering 2020, Virtual, New York, United States of America, 8/11/20. https://doi.org/10.1145/3368089.3409748

Boosting fuzzer efficiency: an information theoretic perspective. / Böhme, Marcel; Manès, Valentin J.M.; Cha, Sang Kil.
Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ed. / Prem Devanbu; Myra Cohen; Thomas Zimmermann. New York NY USA: Association for Computing Machinery (ACM), 2020. p. 678-689.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Boosting fuzzer efficiency

T2 - Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering 2020

AU - Böhme, Marcel

AU - Manès, Valentin J.M.

AU - Cha, Sang Kil

N1 - Conference code: 28th

PY - 2020

Y1 - 2020

N2 - In this paper, we take the fundamental perspective of fuzzing as a learning process. Suppose before fuzzing, we know nothing about the behaviors of a program P: What does it do? Executing the first test input, we learn how P behaves for this input. Executing the next input, we either observe the same or discover a new behavior. As such, each execution reveals "some amount"of information about P's behaviors. A classic measure of information is Shannon's entropy. Measuring entropy allows us to quantify how much is learned from each generated test input about the behaviors of the program. Within a probabilistic model of fuzzing, we show how entropy also measures fuzzer efficiency. Specifically, it measures the general rate at which the fuzzer discovers new behaviors. Intuitively, efficient fuzzers maximize information. From this information theoretic perspective, we develop Entropic, an entropy-based power schedule for greybox fuzzing which assigns more energy to seeds that maximize information. We implemented Entropic into the popular greybox fuzzer LibFuzzer. Our experiments with more than 250 open-source programs (60 million LoC) demonstrate a substantially improved efficiency and confirm our hypothesis that an efficient fuzzer maximizes information. Entropic has been independently evaluated and invited for integration into main-line LibFuzzer. Entropic now runs on more than 25,000 machines fuzzing hundreds of security-critical software systems simultaneously and continuously.

AB - In this paper, we take the fundamental perspective of fuzzing as a learning process. Suppose before fuzzing, we know nothing about the behaviors of a program P: What does it do? Executing the first test input, we learn how P behaves for this input. Executing the next input, we either observe the same or discover a new behavior. As such, each execution reveals "some amount"of information about P's behaviors. A classic measure of information is Shannon's entropy. Measuring entropy allows us to quantify how much is learned from each generated test input about the behaviors of the program. Within a probabilistic model of fuzzing, we show how entropy also measures fuzzer efficiency. Specifically, it measures the general rate at which the fuzzer discovers new behaviors. Intuitively, efficient fuzzers maximize information. From this information theoretic perspective, we develop Entropic, an entropy-based power schedule for greybox fuzzing which assigns more energy to seeds that maximize information. We implemented Entropic into the popular greybox fuzzer LibFuzzer. Our experiments with more than 250 open-source programs (60 million LoC) demonstrate a substantially improved efficiency and confirm our hypothesis that an efficient fuzzer maximizes information. Entropic has been independently evaluated and invited for integration into main-line LibFuzzer. Entropic now runs on more than 25,000 machines fuzzing hundreds of security-critical software systems simultaneously and continuously.

KW - Efficiency

KW - Entropy

KW - Fuzzing

KW - Information theory

KW - Software testing

UR - https://www.scopus.com/pages/publications/85091894023

U2 - 10.1145/3368089.3409748

DO - 10.1145/3368089.3409748

M3 - Conference Paper

AN - SCOPUS:85091894023

SP - 678

EP - 689

BT - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

A2 - Devanbu, Prem

A2 - Cohen, Myra

A2 - Zimmermann, Thomas

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

Y2 - 8 November 2020 through 13 November 2020

ER -

Böhme M, Manès VJM, Cha SK. Boosting fuzzer efficiency: an information theoretic perspective. In Devanbu P, Cohen M, Zimmermann T, editors, Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York NY USA: Association for Computing Machinery (ACM). 2020. p. 678-689 doi: 10.1145/3368089.3409748

Boosting fuzzer efficiency: an information theoretic perspective

Abstract

Conference

Keywords

Access to Document

Other files and links

Fortifying Our Digital Economy: Advanced Automated Vulnerability Discovery

Cite this

Boosting fuzzer efficiency: an information theoretic perspective

Abstract

Conference

Keywords

Access to Document

Other files and links

Projects

Fortifying Our Digital Economy: Advanced Automated Vulnerability Discovery

Cite this