Collaborative Research: SaTC: CORE: Small: Self-Driving Continuous Fuzzing

协作研究：SaTC：核心：小型：自驱动连续模糊测试

• 批准号: 2247880
• 负责人: Ardalan Amiri Sani
• 金额: $ 30万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-08-01 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247880&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

Continuous fuzzing is an emerging software testing paradigm that has gained significant traction in recent years. In this paradigm, a fuzzer is applied 24/7 to a piece of software as it is being developed/updated, hoping that the fuzzer can find the software bugs as soon as possible. It has been shown to be effective in finding bugs in large and complex pieces of software such as the Linux kernel, e.g., finding thousands of bugs and vulnerabilities in the past few years. Despite its perceived success, this project identifies an important limitation in today’s continuous fuzzing: a significant delay in finding a bug. This is fundamentally due to the lack of built-in features to make adjustments/improvements and be aware of its performance over time in general. We refer to this ability as “self-drive”. We argue that this is a critical ability because continuous fuzzing (1) by design needs to support the rapidly changing fuzzing target (under development) and (2) invests a large amount of resources and should use them effectively. The project further finds that (1) the first part of this delay is because the continuous fuzzer is initially incapable of finding some bugs, and (2) the second part of this delay is because the continuous fuzzer fails to use its resources effectively to find the bugs that it is already capable of finding. The successful completion of the project will enable continuous fuzzing to find bugs and vulnerabilities faster. Consequently, the project will help improve the quality of software systems tested with continuous fuzzing, which ultimately benefits society and the economy at large. This project investigates two research thrusts to address the aforementioned limitation. The goal of the first thrust is to improve the capability of the continuous fuzzer to find bugs that it could not find before. More specifically, it develops the capability of continuous generation and refinement of software interface descriptions. It investigates novel methods that combine various analysis techniques to overcome the challenge of analyzing a large-scale piece of software, providing the ability of self-correction and better precision and scalability. The goal of the second thrust is to enable the continuous fuzzer to find the bugs that it is capable of finding faster. This thrust investigates a scheduler for the continuous fuzzer. The goal of the scheduler is to optimize the use of existing resources of a continuous fuzzer to adequately fuzz all the interfaces of a given piece of software. It also explores a resource planning strategy for the continuous fuzzer to dynamically and automatically adjust the amount of resources available to it to achieve acceptable performance in terms of bug-finding delay.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

连续模糊测试是一种新兴的软件测试范例，近年来获得了巨大的关注，在这种范例中，模糊器在软件开发/更新时全天候（24/7）地应用于该软件，希望模糊器能够发现软件错误。它已被证明可以有效地查找大型且复杂的软件（例如 Linux 内核）中的错误，例如，尽管它被认为在过去几年中发现了数千个错误和漏洞。尽管该项目取得了成功，但它发现了当今连续模糊测试的一个重要限制：发现错误的时间明显延迟，这从根本上来说是由于缺乏内置功能来进行调整/改进并了解其随着时间的推移的性能。我们将这种能力称为“自我驱动”，因为连续模糊测试（1）在设计上需要支持快速变化的模糊测试目标（正在开发中）以及（2）投入大量资源并且应该有效地使用它们。项目进一步发现（1）此延迟的第一部分是因为连续模糊器最初无法发现一些错误，（2）此延迟的第二部分是因为连续模糊器未能有效地使用其资源来发现错误该项目的成功完成将使连续模糊测试能够更快地发现检查的错误和漏洞，该项目将有助于提高连续模糊测试测试的软件系统的质量，这最终有利于社会和经济。在该项目提出了两个研究重点来解决上述局限性，第一个重点是提高连续模糊器发现以前无法发现的错误的能力。它研究了结合各种分析技术的新方法，以克服分析大型软件的挑战，提供自我校正的能力以及更好的精度和可扩展性。启用连续模糊器为了更快地找到它能够找到的错误，该推力研究了连续模糊器的调度器，调度器的目标是优化连续模糊器的现有资源的使用，以充分模糊给定部分的所有接口。它还探索了连续模糊器的资源规划策略，以动态、自动地调整可用资源量，以在错误查找延迟方面实现可接受的性能。该奖项反映了 NSF 的法定使命，并被认为值得支持。通过使用基金会的智力优点和更广泛的影响审查标准进行评估。