Author

Zishan Merza

Date of Award

Spring 3-2025

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Operations (PhDCO)

First Advisor

Yong Wang

Second Advisor

Varghese Vaidyan

Third Advisor

Jun Liu

Abstract

Fuzzing is an effective approach to mitigating vulnerabilities in software applications. It encompasses various types of fuzzing, including black-box, white-box, and gray-box, each with advantages and limitations. This research presents a novel method to improve the efficiency of coverage-guided directed gray-box fuzzers by improving the understanding of indirect function calls in the call graph and leveraging ThinLTO when generating an instrumented binary. A more comprehensive call graph enables fuzzers to navigate more effectively toward their targets, particularly when the target resides within a method invoked through a function pointer. This research addresses four research questions: 1) Can we improve the efficiency of the directed gray-box fuzzer by improving its ability to understand indirect function calls? 2) Can we use a call graph to direct our gray-box fuzzer to fuzz where libraries are used in the code? 3) Can we export information from the fuzzing engine to inform us whether all areas of interest have been covered? 4) How effective is our directed gray-box fuzzer compared to other fuzzers such as AFL++ and AFLGo? The methodology follows Wieringa’s design-science research approach, which consists of four phases: problem investigation, treatment design, validation, and implementation. The evaluation results demonstrated that CGFuzzerArt improved efficiency by incorporating a call graph with a better understanding of indirect function calls. It successfully identified libraries and expanded its target list, effectively exporting information on whether a target was reached. It outperformed existing fuzzers, such as AFL++ and AFLGo, by reaching targets more frequently and in less time.
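The following is an added illustration of the abstract's central point and is not code from the dissertation or from CGFuzzerArt. It models a small constructed program as call-graph facts, builds the call graph once with indirect call sites ignored and once with them resolved, and computes the call-distance a directed fuzzer would use to steer toward a target. Because this page does not describe how CGFuzzerArt resolves indirect calls, the example assumes a simple signature-matching rule (an indirect call site through a pointer of type T may reach any address-taken function of type T); that rule, and every function name in the sample, are assumptions made for the example.

```python
from collections import deque
from dataclasses import dataclass, field


# Constructed sample program, recorded as call-graph facts rather than C source.
@dataclass
class Function:
    name: str
    signature: str                       # C-style function type, e.g. "int(const char*)"
    direct_calls: list = field(default_factory=list)
    indirect_call_sigs: list = field(default_factory=list)  # pointer types invoked in this body
    address_taken: bool = False          # True if &name is stored somewhere (e.g. a handler table)


SAMPLE = [
    Function("main", "int(int, char**)", direct_calls=["parse_args", "dispatch"]),
    Function("parse_args", "int(int, char**)", direct_calls=["log_msg"]),
    # dispatch looks a handler up in a table and calls it through a function pointer
    Function("dispatch", "int(const char*)", indirect_call_sigs=["int(const char*)"]),
    Function("handle_png", "int(const char*)", direct_calls=["decode_chunk"], address_taken=True),
    Function("handle_jpeg", "int(const char*)", direct_calls=["log_msg"], address_taken=True),
    Function("decode_chunk", "int(const unsigned char*, size_t)"),   # the fuzzing target
    Function("log_msg", "void(const char*)", address_taken=True),    # address-taken, but wrong type
]


def build_call_graph(functions, resolve_indirect):
    """Return {caller: set(callees)}; indirect edges are added only when resolve_indirect is True.

    Indirect resolution here is signature matching (an assumption of this example):
    an address-taken function is a candidate callee for every call site whose
    pointer type equals its own type.
    """
    candidates_by_sig = {}
    for f in functions:
        if f.address_taken:
            candidates_by_sig.setdefault(f.signature, set()).add(f.name)

    graph = {f.name: set() for f in functions}
    for f in functions:
        graph[f.name].update(f.direct_calls)
        if resolve_indirect:
            for sig in f.indirect_call_sigs:
                graph[f.name].update(candidates_by_sig.get(sig, set()))
    return graph


def call_distance(graph, source, target):
    """Breadth-first search: number of call edges from source to target, or None if unreachable."""
    seen = {source}
    queue = deque([(source, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == target:
            return dist
        for callee in graph.get(node, ()):
            if callee not in seen:
                seen.add(callee)
                queue.append((callee, dist + 1))
    return None


def reachability_report(graph, entry, targets):
    """Map each target to its distance from entry; None marks a target the graph cannot reach."""
    return {t: call_distance(graph, entry, t) for t in targets}


if __name__ == "__main__":
    targets = ["decode_chunk", "log_msg"]
    for resolve in (False, True):
        graph = build_call_graph(SAMPLE, resolve_indirect=resolve)
        label = "indirect calls resolved" if resolve else "indirect calls ignored"
        print(f"{label}: {reachability_report(graph, 'main', targets)}")
```

With indirect calls ignored, `decode_chunk` is unreachable from `main` and a distance-guided fuzzer has no gradient to follow; once the call through the handler pointer is resolved, the target sits three edges away (`main` to `dispatch` to `handle_png` to `decode_chunk`). Signature matching over-approximates (it also adds an edge to `handle_jpeg`), which is the usual trade-off for a static call graph: a few spurious edges are cheaper than a missing one that hides the target entirely.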
