logo
allArticlesConferencesPresentations

Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework

Conference:  Defcon 26

2018-08-01

Summary

The presentation discusses the challenges in verifying the correctness of parsers and proposes the use of fuzzing to generate test cases.
  • Verifying the correctness of parsers is challenging due to differences in parsing algorithms and poor documentation
  • Tree generation flaws and opaque tokens also contribute to the difficulty in testing parsers
  • Fuzzing can be used to generate a large number of test cases, but traditional fuzzing methods may not be effective for testing parsers
  • A targeted approach to fuzzing can be developed to test parsers more effectively
The presenter mentions crawling the web and looking at Stack Overflow and open-source projects to gather test cases, but notes that this method may not provide enough variety and coverage. They suggest using a buzzer to generate test cases at a higher rate, but note that traditional fuzzing methods may not be effective for testing parsers. The presenter proposes developing a targeted approach to fuzzing to address this issue.

Abstract

Fuzzers have played an important role in the discovery of reliability and security flaws in software for decades. They have allowed for test case generation at a rate impossible by hand and the creation of test cases humans may never conceive of. While there are many excellent fuzzers available most are designed for mutating source files or input in random ways and attempting to discover edge cases in the handling of them. Some others are designed with structured input in mind and use grammars to more strategically generate and mutate possible inputs that adhere to the format defined. These specifically are the ones we care about for the goals of identifying differences between multiple implementations of a single language, finding bugs in parse tree generation/handling of tokens, and handling of the data at runtime once it has been successfully lexically and syntactically analyzed. We'll look at some of the shortcomings of existing fuzzers and discuss the implementation for a new platform designed to make fuzzer creation easier with the goal of being able utilize grammars from the implementations of the languages themselves.
Materials:
Tags:

Post a comment

Related work

hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day

Conference:  BlackHat USA 2021
Authors:
2021-08-04

Getting More Confident with Your Security Helper Libraries Thanks to Go Fuzzing

Conference:  Cloud Native SecurityCon North America 2022
Authors: Jeremy Matos
2022-10-25

Fuzzing Session: Finding Bugs and Vulnerabilities Automatically

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: David Korczynski, Adam Korczynski
2022-10-28

Building and Managing a Centralized ML Platform with Kubeflow at CERN

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Ricardo Rocha, Dejan Golubovic

What the Fuzz

Conference:  BlackHat EU 2019
Authors:
2019-12-05

Trusting Software - Runtime Protection Is the Third Alternative

Conference:  Global AppSec Dublin 2023
Authors: Jeff Williams
2023-02-15