TL;DR
This paper introduces ReZZan, a lightweight memory error sanitizer designed for fork-mode greybox fuzzing. By avoiding the per-execution startup and teardown cost that dominates fuzzing with a conventional sanitizer such as ASAN, it cuts fuzzing overhead substantially while still detecting buffer overflow and use-after-free errors.
Contribution
The paper presents a sanitizer design that marks object boundaries with randomized tokens placed inline in memory, rather than with the disjoint shadow-memory metadata that ASAN maintains, so that each forked fuzzing child inherits a ready-to-run process and pays almost no setup cost compared to traditional sanitizers.
Findings
Fuzzing with ReZZan runs at 1.14-1.27X the cost of an uninstrumented target, versus about 2.36X for fuzzing with ASAN, as measured in the paper.
The token-based checks detect the memory error classes a sanitizer is used for during fuzzing, including buffer overflows and use-after-free errors.
The speedup therefore comes from cheaper process startup and teardown, not from weaker checking: bug detection is retained while fuzzing throughput improves.
Abstract
Greybox fuzzing is a proven and effective testing method for the detection of security vulnerabilities and other bugs in modern software systems. Greybox fuzzing can also be used in combination with a sanitizer, such as AddressSanitizer (ASAN), to further enhance the detection of certain classes of bugs such as buffer overflow and use-after-free errors. However, sanitizers also introduce additional performance overheads, and this can degrade the performance of greybox mode fuzzing -- measured in the order of 2.36X for fuzzing with ASAN -- partially negating the benefit of using a sanitizer in the first place. Recent research attributes the extra overhead to program startup/teardown costs that can dominate fork-mode fuzzing. In this paper, we present a new memory error sanitizer design that is specifically optimized for fork-mode fuzzing. The basic idea is to mark object boundaries…
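To make the design concrete, here is an added example that is not ReZZan's own source code: a toy allocator that surrounds each object with redzones filled with a per-process random 64-bit token, plus the check that a compiler pass would insert before every load and store. The chunk layout, the two-word redzone width, the lazy seeding, the function names and the buggy target are all assumptions made for illustration. Two things the example makes visible that the prose does not: the token is chosen once by the parent and inherited by every forked child, so a run needs no metadata initialisation, and because there is no separate metadata to consult, a check can only compare bytes against the token, so ordinary data that happens to equal the token would be a false positive (roughly 2^-64 per word for a random token). Sizes are rounded up to 8 bytes, so an overflow into the padding of an odd-sized object is not caught by this toy; the paper's handling of that case is outside the scope of this example.

```c
/* Added example, not ReZZan's own source: token-based redzones in a toy
 * allocator plus the access check a compiler pass would insert. Names,
 * layout and the two-word redzone width are assumptions for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RZ_WORDS 2                  /* redzone width in 8-byte words (assumed) */
#define RZ_BYTES (RZ_WORDS * 8)

static uint64_t rz_token;           /* one random 64-bit token per process */

/* Choose the token once. In fork-mode fuzzing the parent does this and every
 * forked child inherits it, so a run pays no per-process metadata setup.
 * The seed is only for reproducibility; a real build would use getrandom(). */
void rz_init(uint64_t seed) {
    uint64_t x = seed ^ 0x9E3779B97F4A7C15ULL;          /* splitmix64 */
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    rz_token = (x ^ (x >> 31)) | 1;                    /* never zero */
}

static void rz_fill(uint8_t *p, size_t nwords) {
    for (size_t i = 0; i < nwords; i++) memcpy(p + 8 * i, &rz_token, 8);
}

/* Chunk layout: [size word][redzone][payload rounded up to 8][redzone].
 * There is no disjoint shadow memory: the boundary markers live inline. */
void *rz_malloc(size_t n) {
    if (rz_token == 0) rz_init(0x5EEDULL);  /* lazy init with an assumed seed */
    size_t payload = (n + 7) & ~(size_t)7;
    uint8_t *chunk = malloc(8 + RZ_BYTES + payload + RZ_BYTES);
    if (chunk == NULL) return NULL;
    memcpy(chunk, &payload, sizeof payload);
    rz_fill(chunk + 8, RZ_WORDS);
    uint8_t *user = chunk + 8 + RZ_BYTES;
    memset(user, 0, payload);               /* payload must not look like a token */
    rz_fill(user + payload, RZ_WORDS);
    return user;
}

/* Free poisons the object with the token and leaves the chunk unreused (a
 * quarantine; this toy simply leaks it), so later accesses hit the token. */
void rz_free(void *p) {
    if (p == NULL) return;
    size_t payload;
    memcpy(&payload, (uint8_t *)p - 8 - RZ_BYTES, sizeof payload);
    rz_fill(p, payload / 8);
}

/* The check inserted before each load/store of n bytes at addr: does any
 * 8-byte word overlapping the access hold the token? True means allowed.
 * Data that equals the token is misreported (about 2^-64 per word). */
bool rz_check(const void *addr, size_t n) {
    uintptr_t a = (uintptr_t)addr;
    for (uintptr_t w = a & ~(uintptr_t)7; w < a + n; w += 8) {
        uint64_t v;
        memcpy(&v, (const void *)w, 8);
        if (v == rz_token) return false;
    }
    return true;
}

/* Constructed buggy target: copies len input bytes into a 16-byte buffer, so
 * any input longer than 16 bytes writes into the trailing redzone. Returns
 * true when an instrumented store is rejected. */
bool rz_run_input(const uint8_t *input, size_t len) {
    uint8_t *buf = rz_malloc(16);
    if (buf == NULL) return false;
    bool err = false;
    for (size_t i = 0; i < len && !err; i++) {
        if (rz_check(buf + i, 1)) buf[i] = input[i];   /* instrumented store */
        else err = true;
    }
    rz_free(buf);
    return err;
}

/* Two more error classes the same check catches. */
bool rz_demo_underflow(void) {
    uint8_t *p = rz_malloc(16);
    if (p == NULL) return false;
    bool err = !rz_check(p - 1, 1);        /* one byte before the object */
    rz_free(p);
    return err;
}
bool rz_demo_uaf(void) {
    uint8_t *p = rz_malloc(16);
    if (p == NULL) return false;
    rz_free(p);
    return !rz_check(p, 1);                /* read after free */
}

/* Constructed sample input, 17 bytes: the first 16 fit, the 17th overflows. */
static const uint8_t rz_sample[17] = "0123456789ABCDEF";

int main(void) {
    printf("16 bytes: %s\n", rz_run_input(rz_sample, 16) ? "error" : "ok");
    printf("17 bytes: %s\n", rz_run_input(rz_sample, 17) ? "error" : "ok");
    printf("underflow: %s, uaf: %s\n", rz_demo_underflow() ? "error" : "ok",
           rz_demo_uaf() ? "error" : "ok");
    return 0;
}
```

In a real fork-mode fuzzer the parent would call the equivalent of `rz_init` once after loading the target, and each forked child would run one input through instrumented accesses like those in `rz_run_input`; the point of the design is that the child inherits the token and the already-poisoned heap layout instead of rebuilding shadow metadata on every execution.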
