Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle
Alexey Vishnyakov, Daniil Kuts, Vlada Logunova, Darya Parygina, Eli Kobrin, Georgy Savidov, Andrey Fedotov

TL;DR
Sydr-Fuzz is a continuous hybrid fuzzing tool that enhances automated bug detection and security testing by integrating dynamic analysis, crash triaging, and corpus utilities, outperforming coverage-guided fuzzers.
Contribution
The paper introduces Sydr-Fuzz, a novel hybrid fuzzing pipeline that combines Sydr, libFuzzer, and AFL++, with new security predicate checkers and crash analysis tools, advancing automated security testing.
Findings
Outperforms coverage-guided fuzzers in benchmarks.
Discovered 85 new real-world software flaws.
Open-sourced crash analysis tool Casr.
Abstract
Nowadays, automated dynamic analysis frameworks for continuous testing are in high demand to ensure software safety and satisfy security development lifecycle (SDL) requirements. The security bug hunting efficiency of cutting-edge hybrid fuzzing techniques outperforms widely utilized coverage-guided fuzzing. We propose an enhanced dynamic analysis pipeline to improve the productivity of automated bug detection based on hybrid fuzzing. We implement the proposed pipeline in the continuous fuzzing toolset Sydr-Fuzz, which is powered by a hybrid fuzzing orchestrator integrating our DSE tool Sydr with libFuzzer and AFL++. Sydr-Fuzz also incorporates security predicate checkers, the crash triaging tool Casr, and utilities for corpus minimization and coverage gathering. The benchmarking of our hybrid fuzzer against alternative state-of-the-art solutions demonstrates its superiority over…
Taxonomy
Topics: Information and Cyber Security
