Efficient Fuzzing and Software Updating via Dynamic Binary Rewriting
The mounting reliance on software in an array of applications, from smartphones to spacecraft, demands a development and deployment process that ensures reliability, security, and efficiency. However, the multifaceted nature of software development, the escalating emphasis on security, and the prevalence of software bugs have led to grave consequences. This talk explores how we can improve testing and deployment, two key but often overlooked stages in the software development life cycle (SDLC).
This talk introduces a set of three methodologies –— SaBRe, SnapFuzz, and Mvedsua —– that each address distinct challenges. Our work aims to enhance the SDLC, requiring minimal specialised knowledge and reducing the laborious nature of the process. As a result, developers will be better equipped to create dependable, efficient, and secure software applications that can meet the rigorous demands of contemporary technology.
SaBRe, our first methodology, is a load-time dynamic binary rewriting platform, that optimises the process of binary rewriting by performing modifications after the program is loaded into memory but before execution, leading to safe and efficient rewriting with minimal overhead below 3%. SaBRe is the platform primitive leveraged by our next two methodologies to implement efficient and robust fuzzing and software updating.
Our second methodology, SnapFuzz, is a fuzzing system that addresses the difficulties in testing stateful network applications by transforming slow asynchronous network communication into a more efficient synchronous form, leveraging snapshot-taking mechanisms and accelerating file operations. Compared to traditional methods, SnapFuzz simplifies the fuzzing harness, has an impressive performance speedup (8.4x-62.8x) and discovered additional 12 crashes crashes in real applications.
The third methodology, Mvedsua, integrates Dynamic Software Updating (DSU) with Multi-Version Execution (MVE) to ensure constant availability and seamless user experience during software updates. This innovative approach significantly reduces the update-time delay by hiding the update process, quickly detects and rectifies errors introduced during the update process, and imposes minimal steady-state overhead.
Anastasios Andronidis is a PhD student at Imperial College London. His research interests include operating systems, schedulers, binary rewriting, and fuzzing.