MinFuzz: Program simplification to drive fuzzing effectiveness

By Nicolas Badoux (EPFL)


Fuzzing, an effective form of dynamic software testing, relies on rapidly testing generated inputs to discover bugs in programs. In the last two years, fuzzing gained massive traction in the security community, driven by the discovery of large amounts of vulnerabilities. Fuzzing requires an effective input generation mechanism that quickly generates new interesting inputs and a fast execution engine that drives execution to potentially vulnerable program locations. Bloated code or complex data validation unnecessarily slow down the fuzzing process as these code sequences are executed frequently. Often these code sequences are already well tested and it is unlikely for the fuzzer to discover new vulnerabilities in them.

We present MinFuzz, our approach to discover and remove prunable code blocks to improve fuzzing effectiveness. First, we will discuss which computations are “skippable”. Our system targets particularly decompression, decryption, and checksum computations. By first locating and then pruning such code segments, we increase the number of executions per second by up to 50% and additionally achieve deeper coverage of the program in the same time.

27 March 2019, EPFL BC building, room BC420