We design and implement from scratch a new fuzzer called SIVO that refines
multiple stages of grey-box fuzzing. First, SIVO refines data-flow fuzzing in
two ways: (a) it provides a new taint inference engine that requires only
logarithmic in the input size number of tests to infer the dependency of all
program branches on the input bytes, and (b) it deploys a novel method for
inverting branches by solving directly and efficiently systems of inequalities.
Second, our fuzzer refines accurate tracking and detection of code coverage
with simple and easily implementable methods. Finally, SIVO refines selection
of parameters and strategies by parameterizing all stages of fuzzing and then
dynamically selecting optimal values during fuzzing. Thus the fuzzer can easily
adapt to a target program and rapidly increase coverage. We compare our fuzzer
to 11 other state-of-the-art grey-box fuzzers on 27 popular benchmarks. Our
evaluation shows that SIVO scores the highest both in terms of code coverage
and in terms of number of found vulnerabilities.

By admin