Proj. CMI Paper Reading: Distributed System Fuzzing

Abstract

背景:当前分布式系统分析一般都是黑盒工具,难以探索程序状态
工具:MALLORY
任务:greybox fuzzing testing distributed system
方法:timeline-driven testing, timeline abstraction
步骤:

  1. 动态构建描述系统行为的Lamport timelines
  2. 将这些timelines抽象化为happens-before summaries
  3. 使用summaries来执行faults guided fuzzing

实验:
数据集:a diverse set of widely-used industrial distributed systems
效果:

  1. 与JEPSEN对比,24小时内 + 54.27% distinct states, speed-up 2.24x, speed of finding bugs: 1.87x
  2. 找到22个0-day漏洞(18 confirmed, 10 new vulnerabilities), 6 CVEs。在已经被严格测试过的Braft, Dqlite和Redis上也找到了bugs。
posted @ 2023-07-17 23:04  雪溯  阅读(14)  评论(0编辑  收藏  举报