Author Institution:
School of Computer, Wuhan University, 430072, China
Abstract:
Patch-based vulnerability analysis is a hot topic for security researchers and attackers alike: the semantics revealed by the differences a patch introduces can be used to discover new bugs or errors. However, automatically describing patched differences is usually regarded as so difficult a task that similar work is typically done by hand. In this paper, we present an automatic patch-based description for a type of privilege-elevation vulnerability, and then perform fuzzing to uncover unknown bugs. Focusing on the features of this vulnerability type, we recognize vulnerability-related positions from the patched differences and divide them into multi-level attributes via normalized definitions. Furthermore, we present the analysis procedure as a relationship measurement among several attributes: binary difference, object data structure, operation semantics and constraint formula. The root cause and exploitation method of a vulnerability can then be described through gradual attribute deduction. Finally, a CF-oriented fuzzing method is introduced, based on verification of the operation semantics and constraint formula. The effectiveness and performance of our prototype are tested in the evaluation: all patch-related bugs can be described automatically by PVD (Patch-based Vulnerability Description), and some new bugs are discovered by PVF (Patch-based Vulnerability Fuzzing). In addition, the average overall running time is lower than that of the systems or projects in related work.