Fannv He (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China, and School of Cyberspace Security, Hainan University, China), Yuan Liu (School of Cyber Engineering, Xidian University, China), Jice Wang (School of Cyberspace Security, Hainan University, China), Baiquan Wang (School of Cyberspace Security, Hainan University, China), Zezhong Ren (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China), Yuqing Zhang (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China; School of Cyberspace Security, Hainan University, China, and School of Cyber Engineering, Xidian University, China)

Fuzzing fundamentally relies on crash observability to guide its search. This paper breaks that premise by introducing MES, a novel anti-fuzzing system designed to make crashes unobservable. MES employs a compile-time address masking technique that instruments all memory accesses so that they always refer to valid regions, thereby suppressing memory-error crashes at their root. Our design stems from a validated foundational premise: invalid data accesses constitute the vast majority of crashes, so a data-flow-centric suppression strategy offers the most effective defense. We evaluate MES through a three-pillar methodology: validating the premise via precise analysis of Binutils 2.13; assessing real-world efficacy against state-of-the-art fuzzers using the UNIFUZZ benchmark; and quantifying overhead and deployment scope with SPEC CPU 2017. MES is implemented as an LLVM compiler pass and a custom loader. In the experiments completed to date, MES suppresses more than 97% of memory-error crashes, which significantly impedes fuzzing progress. Preliminary performance measurements show that its overhead remains manageable within a well-defined operational envelope, supporting its potential as a practical defense in scenarios where crash suppression is critical. The full evaluation is ongoing to solidify these findings.
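To make the address-masking idea concrete, the following is an added example written for this page; it is not MES's LLVM pass or loader. It models the instrumentation in plain C: every store in the "instrumented" function is routed through a mask that keeps the low bits of the address and forces the high bits to the base of one 2^k-aligned arena, so an out-of-bounds write wraps into valid memory instead of faulting. The single-arena layout and the names `mes_init`, `mes_mask`, `mes_effective_offset`, `masked_copy`, `masked_overflow_demo`, `ARENA_SIZE` and `OBJ_SIZE` are assumptions of this model, not identifiers from the paper.

```c
/* Added example: a minimal software model of compile-time address masking.
 * NOT MES's implementation. Assumptions (hypothetical): all data the
 * instrumented code touches lives in one ARENA_SIZE-aligned arena, and
 * mes_mask() stands in for the check the compiler pass would emit before
 * each load/store. Out-of-bounds addresses wrap into the arena, so the
 * SIGSEGV a fuzzer would observe never happens. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARENA_SHIFT 16
#define ARENA_SIZE  ((uintptr_t)1 << ARENA_SHIFT)
#define OBJ_SIZE    16            /* size of the object overflowed in the demo */

static uint8_t *arena;            /* ARENA_SIZE bytes, ARENA_SIZE-aligned */

/* Allocate and align the arena once (over-allocate, then round up, so only
 * C99 malloc is needed). Returns 1 on success, 0 on allocation failure. */
int mes_init(void) {
    if (arena) return 1;
    uint8_t *raw = malloc(2 * ARENA_SIZE);   /* lives for the whole process */
    if (!raw) return 0;
    arena = (uint8_t *)(((uintptr_t)raw + ARENA_SIZE - 1) & ~(ARENA_SIZE - 1));
    memset(arena, 0, ARENA_SIZE);
    return 1;
}

/* The masking step: keep the low ARENA_SHIFT bits of the address and replace
 * the high bits with the arena base. In-arena addresses are unchanged; any
 * other address lands somewhere inside the arena. */
static inline uint8_t *mes_mask(uintptr_t addr) {
    return (uint8_t *)((uintptr_t)arena | (addr & (ARENA_SIZE - 1)));
}

/* Arena offset that an access to arena+off would actually hit after masking. */
size_t mes_effective_offset(size_t off) {
    return (size_t)(mes_mask((uintptr_t)arena + off) - arena);
}

/* Uninstrumented fuzz target: unchecked copy into a fixed-size object. With
 * n > OBJ_SIZE this is an ordinary buffer overflow that may SIGSEGV, i.e. the
 * crash a fuzzer is looking for. Never called on oversized input here. */
void vulnerable_copy(uint8_t *buf, const uint8_t *in, size_t n) {
    for (size_t i = 0; i < n; i++)
        buf[i] = in[i];
}

/* The same function after "instrumentation": every store goes through the
 * mask, so the loop can no longer touch memory outside the arena. */
void masked_copy(uint8_t *buf, const uint8_t *in, size_t n) {
    for (size_t i = 0; i < n; i++)
        *mes_mask((uintptr_t)buf + i) = in[i];
}

/* Demo: overflow an OBJ_SIZE-byte object placed at the very end of the arena
 * with n bytes of the constructed pattern 0,1,2,... Returns the byte stored at
 * arena[0] afterwards (the first byte past the object wraps there: 16 for
 * n == 32, 0 when nothing overflowed), or -1 on error. */
int masked_overflow_demo(size_t n) {
    if (!mes_init() || n == 0 || n > ARENA_SIZE) return -1;
    uint8_t *in = malloc(n);
    if (!in) return -1;
    for (size_t i = 0; i < n; i++) in[i] = (uint8_t)i;
    memset(arena, 0, ARENA_SIZE);
    uint8_t *obj = arena + ARENA_SIZE - OBJ_SIZE;
    masked_copy(obj, in, n);
    int first = arena[0];
    free(in);
    return first;
}

int main(void) {
    if (!mes_init()) return 1;
    printf("mask(arena+%lu) -> arena+%zu\n", (unsigned long)(ARENA_SIZE + 5),
           mes_effective_offset((size_t)ARENA_SIZE + 5));
    printf("arena[0] after a 32-byte copy into a 16-byte object at the arena end: %d\n",
           masked_overflow_demo(32));
    return 0;
}
```

Two things a practitioner should take from the demo. First, the crash disappears but the memory-safety bug does not: the 16 overflowing bytes silently clobber `arena[0..15]`, so the program keeps running on corrupted state, which is exactly why a defender should treat this as an anti-fuzzing measure and not as a hardening one. Second, only accesses emitted by the instrumented code are covered; memory touched by uninstrumented libraries (the `memset` and `malloc` calls above, in this model) is outside the mask, which is the kind of gap that keeps a suppression rate below 100%.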
