Search Icon
Register

LibAFL QEMU: A Library for Fuzzing-oriented Emulation

Romain Malmain (EURECOM), Andrea Fioraldi (EURECOM), Aurelien Francillon (EURECOM)

Despite QEMU’s popularity for binary-only fuzzing, the fuzzing community faces challenges like the proliferation of hard-to-maintain QEMU forks and the lack of an up-to-date, flexible framework well-integrated with advanced fuzzing engines. This leads to a gap in emulation-based fuzzing tools that are both maintainable and fuzzing-oriented.

To cope with that, we present LIBAFL QEMU, a library written in Rust that provides an interface for fuzzing-based emulation by wrapping around QEMU, in both system and user mode. We focus on addressing the limitations of existing QEMU forks used in fuzzing by offering a well-integrated, maintainable and up-to-date solution. In this paper, we detail the design, implementation, and practical challenges of LIBAFL QEMU, including its APIs and fuzzing capabilities and we showcase the library’s use in two case studies: fuzzing an Android library and a Windows kernel driver.

We compare the fuzzers written for these 2 targets with the state-of-the-art, AFL++ qemu mode for the Android library, and KAFL for the Windows driver. For the former, we show that LIBAFL QEMU outperforms AFL++ qemu mode both in terms of speed and coverage. For the latter, despite KAFL being built above hardware-based virtualization instead of emulation, we show we can run complex targets such as Windows and still reach comparable performance, with an overhead expected by a software emulator.

Paper

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 37 [1] => 104 ) ) ) [post__not_in] => Array ( [0] => 17332 ) )

REPLICAWATCHER: Training-less Anomaly Detection in Containerized Microservices

Asbat El Khairi (University of Twente), Marco Caselli (Siemens AG), Andreas Peter (University of Oldenburg), Andrea Continella (University of Twente)

Read More

cozy: Comparative Symbolic Execution for Binary Programs

Caleb Helbling, Graham Leach-Krouse, Sam Lasser, Greg Sullivan (Draper)

Read More

Securing the Satellite Software Stack

Samuel Jero (MIT Lincoln Laboratory), Juliana Furgala (MIT Lincoln Laboratory), Max A Heller (MIT Lincoln Laboratory), Benjamin Nahill (MIT Lincoln Laboratory), Samuel Mergendahl (MIT Lincoln Laboratory), Richard Skowyra (MIT Lincoln Laboratory)

Read More

Designing and Evaluating a Testbed for the Matter Protocol:...

Ravindra Mangar (Dartmouth College) Jingyu Qian (University of Illinois), Wondimu Zegeye (Morgan State University), Abdulrahman AlRabah, Ben Civjan, Shalni Sundram, Sam Yuan, Carl A. Gunter (University of Illinois), Mounib Khanafer (American University of Kuwait), Kevin Kornegay (Morgan State University), Timothy J. Pierson, David Kotz (Dartmouth College)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)