Khanfir, Ahmed ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
BARTEL, Alexandre ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Papadakis, Mike ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)
Le Traon, Yves ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
External co-authors: yes
Language: English
Title: CONFUZZION: A Java Virtual Machine Fuzzer for Type Confusion Vulnerabilities
Publication date: 2021
Event name: IEEE International Conference on Software Quality, Reliability, and Security (QRS), 2021
Event date: 6-12-21 to 9-12-21
Main work title: IEEE International Conference on Software Quality, Reliability, and Security (QRS), 2021
Peer reviewed: Peer reviewed
FnR Project: FNR12630949 - Software Testing In A Fast, Clever And Effective Way, 2018 (01/01/2019-30/09/2022) - Yves Le Traon