
One step closer to 'fully automatic' vulnerability mining! Tencent Security Big Data Laboratory paper selected for ACM CCS 2023

PHPz
Release: 2023-11-29 18:14:46

ACM CCS 2023, an authoritative international academic conference in computer science, opened on November 26 in Copenhagen, Denmark. The paper "Hopper: Interpretative Fuzzing for Libraries" by the Tencent Security Big Data Laboratory team was accepted to the conference. Yesterday, laboratory researcher Xie Yuxuan was invited to the conference to give a talk on the work.


This research proposes an interpretive fuzz testing method and shows how to use dynamic feedback to learn intra-API and inter-API constraints in order to generate code automatically. With this method, and without any external expert knowledge, it is possible to generate valid, usable code that calls the API and to use that code to uncover vulnerabilities. The goal is to remove the need to construct fuzzing entry points by hand, thereby greatly improving the efficiency and scope of automated vulnerability mining.

In the past few years, fuzz testing (fuzzing) has proven to be a very effective vulnerability mining method. The technique tests how software handles input by generating a large number of random inputs, helping developers discover defects automatically. Fuzz testing is now widely used in both open source and commercial software. However, it relies on developers to manually build test entry points (fuzz drivers) for the target under test. Writing an entry point with correct logic and high coverage requires a deep understanding of the library under test and a lot of work. Because of this high threshold, much code (including projects, APIs, etc.) is still not covered by fuzz testing, which limits how "automated" vulnerability mining can be.
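What a hand-written fuzz driver looks like, and where intra-API and inter-API constraints sit in it. This is an added example, not code from the Hopper paper or tool: the `toy_*` library and `run_sequence` are hypothetical, and `LLVMFuzzerTestOneInput` is libFuzzer's standard entry point.

```c
/* Added illustration: toy library and hand-written fuzz driver.
   All toy_* names and run_sequence are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { uint8_t *data; size_t len, cap; } toy_buf;

/* Intra-API constraint: cap must be non-zero. */
toy_buf *toy_new(size_t cap) {
    if (cap == 0) return NULL;
    toy_buf *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->data = malloc(cap);
    if (!b->data) { free(b); return NULL; }
    b->len = 0;
    b->cap = cap;
    return b;
}

/* Intra-API constraints: b and src are non-NULL, n is the true length of src. */
int toy_append(toy_buf *b, const uint8_t *src, size_t n) {
    if (n > b->cap - b->len) return -1;   /* reject rather than overflow */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Inter-API constraint: call exactly once, only on a toy_new() result. */
void toy_free(toy_buf *b) { free(b->data); free(b); }

/* The call sequence the driver author had to work out by reading the library:
   new -> append -> append -> free. Returns the bytes accepted. */
size_t run_sequence(const uint8_t *data, size_t size) {
    if (size < 1) return 0;
    toy_buf *b = toy_new((size_t)data[0] + 1);   /* byte 0 picks cap, never 0 */
    if (!b) return 0;
    const uint8_t *payload = data + 1;
    size_t n = size - 1, half = n / 2;
    toy_append(b, payload, half);                /* length always matches buffer */
    toy_append(b, payload + half, n - half);
    size_t accepted = b->len;
    toy_free(b);
    return accepted;
}

/* libFuzzer entry point: the fuzzer only mutates the bytes, never the sequence. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    run_sequence(data, size);
    return 0;
}
```

The fuzzer mutates only the input bytes; the call order and the relations between arguments stay fixed by whoever wrote the driver, which is the manual work the article describes.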

Tencent Security Big Data Laboratory proposed a new testing method called interpretive fuzz testing. It does not require developers to write test entry points: the fuzzer directly generates the programs to be executed, which enables fully automated learning and testing of any library API. This closes the remaining manual gap in the fuzz testing workflow and greatly improves the efficiency of automated vulnerability mining.

Based on this method, Tencent Security Big Data Laboratory implemented the automated vulnerability mining tool Hopper, and the paper evaluates Hopper on 11 open source libraries. The results show that Hopper has a significant advantage in coverage in three of the libraries and achieves results comparable to manually constructed entry points in the others.

Hopper showed an extremely high level of API coverage, reaching 93.52%. In comparison, manually written fuzz test entry points cover only about 15%-30% of the API.

In addition, the intra-API constraints inferred by Hopper reach an accuracy of 96.51%, which greatly improves the success rate and efficiency of code generation.

Finally, in the experiments, Hopper used the dynamic feedback from execution directly to generate code that can test the API. While greatly improving API test coverage, it also successfully identified a series of real software defects, which were submitted to the relevant platforms and developers for repair.

The researchers published these results as a paper, which was accepted to ACM CCS 2023. ACM CCS, IEEE S&P, USENIX Security, and NDSS are known as the four top conferences in the field of computer security. ACM CCS has a history of nearly 30 years and has had a significant and far-reaching impact on the field. The conference enjoys a high reputation in computer security and is also recognized by the China Computer Federation (CCF) as a Class A international academic conference on network and information security.

Tencent Security Big Data Laboratory believes that the technologies surrounding network security, both internal and external, are constantly developing, but the essence of network security is still vulnerabilities and attack and defense. How to find system vulnerabilities before attackers do is therefore an unchanging theme. In the era of large models, Tencent Security will also continue to explore how new technologies such as AI can empower vulnerability mining and improve efficiency.


source:jiqizhixin.com