A Taint Based Smart Fuzzing Approach for Integer Overflow Vulnerability Detection

-Fuzzing is one of the most commonly used methods to detect software vulnerabilities which are one major cause of information security incidents. The basic idea of fuzzing is to discover software vulnerabilities by feeding unexpected input and monitoring abnormal behaviors. Although it has advantages of simple design and low error report, its efficiency is usually poor. In this paper we present a taint based smart fuzzing approach for integer overflow vulnerability detection and a tool, SwordFuzzer, which implements this approach. Unlike standard fuzzing techniques, which randomly change parts of the input file with no information about the underlying syntactic structure of the file, SwordFuzzer uses online dynamic taint analysis to identify which bytes in the input file are used in security-sensitive operations (e.g., Malloc) and then focuses on mutating such bytes. Thus, generated inputs are more likely to trigger potential vulnerabilities. We evaluated SwordFuzzer with an example program and a number of real applications, experimental results show that SwordFuzzer can accurately locate the key bytes of the input file and dramatically improve the effectiveness of fuzzing. Further efficacy for detection of zero-day integer overflow vulnerabilities is being under test.