The 2021 Pwnie Nominee For Most Innovative Research

APICraft: Fuzz Driver Generation for Closed-source SDK Libraries

Researcher Names: Xingwei Lin

Link: https://www.usenix.org/conference/usenixsecurity21/presentation/zhang-cen

No one wants to generate fuzz drivers manually; that’s why tools exist! However, most tools rely on the source code of the target library.

This work tackles closed-source libraries by addressing two obstacles: only limited information can be extracted from a library when its source is unavailable, and the semantic relations among API functions are complex yet must be respected for a generated driver to be correct.

APICRAFT is an automated fuzz driver generation technique. First, it combines static and dynamic information to collect control and data dependencies among API functions. Then it uses a multi-objective genetic algorithm to combine the collected dependencies into high-quality fuzz drivers. The authors evaluated APICRAFT on five attack surfaces from the macOS SDK; the generated fuzz drivers achieved higher code coverage than manually written ones, 64% higher on average. After around eight months of fuzzing, APICRAFT discovered 142 vulnerabilities in the macOS SDK, 54 of which were assigned CVEs; they affect popular Apple products such as Safari, Messages and Preview.
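To make the dependency-collection step concrete, here is an added illustration (not APICraft's code, and not the paper's algorithm in detail) of how data dependencies can be recovered from a dynamic trace of a closed-source library and turned into a driver skeleton. The library, its function names and the trace are all constructed for this example; the genetic-algorithm step that combines dependencies into drivers is not modeled. The idea shown is the simple one: when an API call consumes a pointer value that an earlier call returned, the consumer depends on that producer; pointer arguments that no earlier call produced are the values the fuzzer must supply.

```python
"""Toy trace-based dependency recovery for fuzz-driver generation.

Added example, not APICraft's code. The library (img_*), its function
names and the recorded trace below are constructed for illustration.
"""
from collections import namedtuple

Call = namedtuple("Call", "func args ret")   # args: list of (name, value)

# Constructed dynamic trace of a consumer program using a hypothetical
# closed-source image library. Pointer-sized values are hex strings.
TRACE = [
    Call("img_open_from_buffer", [("buf", "0x1000"), ("len", 4096)], "0x2000"),
    Call("img_frame_count", [("img", "0x2000")], 1),
    Call("img_get_frame", [("img", "0x2000"), ("idx", 0)], "0x3000"),
    Call("img_frame_width", [("frame", "0x3000")], 640),
    Call("img_release", [("obj", "0x3000")], None),
    Call("img_release", [("obj", "0x2000")], None),
    # The allocator reuses 0x2000 for a second object: a consumer of the
    # reused address must depend on the *latest* producer, not the first.
    Call("img_open_from_buffer", [("buf", "0x1000"), ("len", 4096)], "0x2000"),
    Call("img_frame_count", [("img", "0x2000")], 3),
    Call("img_release", [("obj", "0x2000")], None),
]


def is_pointer(value):
    """Treat non-null hex strings as pointer/handle values."""
    return isinstance(value, str) and value.startswith("0x") and value != "0x0"


def infer_dependencies(trace):
    """Return (edges, externals).

    edges:     (producer_index, consumer_index, arg_name) where the consumer's
               argument equals the most recent earlier return of that value
               (data dependency); trace order supplies the control dependency.
    externals: (call_index, arg_name) for pointer args no earlier call produced,
               i.e. the inputs the fuzzer has to supply.
    """
    edges, externals = [], []
    last_producer = {}   # value -> index of the most recent call returning it
    for j, call in enumerate(trace):
        for name, val in call.args:
            if not is_pointer(val):
                continue
            if val in last_producer:
                edges.append((last_producer[val], j, name))
            else:
                externals.append((j, name))
        if is_pointer(call.ret):
            last_producer[call.ret] = j   # overwrite on address reuse
    return edges, externals


def emit_driver(trace, edges, externals):
    """Render a libFuzzer-style C driver replaying the trace.

    Each consumer argument is wired to the variable holding its producer's
    return value; external buffers come from the fuzzer input. Since the
    library is closed-source, handles are typed as void * here.
    """
    producer_of = {(j, name): i for i, j, name in edges}
    external = set(externals)
    out = ["int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {"]
    for j, call in enumerate(trace):
        rendered, prev_external = [], False
        for name, val in call.args:
            if (j, name) in producer_of:
                rendered.append("v%d" % producer_of[(j, name)])
                prev_external = False
            elif (j, name) in external:
                rendered.append("(void *)data")
                prev_external = True
            elif isinstance(val, int) and prev_external:
                # Simplification: an integer right after an external buffer
                # is taken to be that buffer's length.
                rendered.append("size")
                prev_external = False
            else:
                rendered.append(str(val))   # constants replayed as recorded
                prev_external = False
        expr = "%s(%s);" % (call.func, ", ".join(rendered))
        if is_pointer(call.ret):
            expr = "void *v%d = %s" % (j, expr)
        out.append("    " + expr)
    out += ["    return 0;", "}"]
    return "\n".join(out)


if __name__ == "__main__":
    deps, ext = infer_dependencies(TRACE)
    print(emit_driver(TRACE, deps, ext))
```

Running the script prints a driver in which `img_frame_count` on the second object is wired to `v6`, the reopened handle, rather than to `v0`, which is the address-reuse case a naive "first producer of this value" match would get wrong. Constants other than the buffer length are replayed exactly as recorded, which is where a search step such as the paper's genetic algorithm would have room to vary and combine call sequences.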