P-Fuzz: A Parallel Grey-Box Fuzzing Framework
2019; Multidisciplinary Digital Publishing Institute; Volume: 9; Issue: 23; Language: English
DOI: 10.3390/app9235100
ISSN: 2076-3417
Authors: Congxi Song, Xu Zhou, Qidi Yin, Xinglu He, Hangwei Zhang, Kai Lü
Topic(s): Software Reliability and Analysis Research
Abstract: Fuzzing is an effective technology in software testing and security vulnerability detection. Unfortunately, fuzzing is an extremely compute-intensive job, which may cause thousands of computing hours to find a bug. Current novel works generally improve fuzzing efficiency by developing delicate algorithms. In this paper, we propose another direction of improvement in this field, i.e., leveraging parallel computing to improve fuzzing efficiency. In this way, we develop P-fuzz, a parallel fuzzing framework that can utilize massive, distributed computing resources to fuzz. P-fuzz uses a database to share the fuzzing status such as seeds, the coverage information, etc. All fuzzing nodes get tasks from the database and update their fuzzing status to the database. Also, P-fuzz handles some data races and exceptions in parallel fuzzing. We compare P-fuzz with AFL and a parallel fuzzing framework Roving in our experiment. The result shows that P-fuzz can easily speed up AFL about 2.59× and Roving about 1.66× on average by using 4 nodes.