MARVEL: A Generic, Scalable and Effective Vulnerability Detection Platform
Identifying vulnerabilities in real-world applications is challenging. Current static analysis tools cannot provide concrete triggering inputs and suffer from high false-positive rates, while fuzzing-based runtime detection tools are too inefficient to examine a whole program. In this work, we propose MARVEL, a generic, scalable and effective vulnerability detection platform. First, a lightweight static tool, LEOPARD, is designed and implemented to identify potentially vulnerable functions through program metrics. LEOPARD uses complexity metrics to group functions into a set of bins and then ranks the functions in each bin with vulnerability metrics; the top-ranked functions of each bin are reported as potentially vulnerable. Binning before ranking keeps simple functions in the candidate set instead of letting the most complex functions dominate a single global ranking. Second, a directed grey-box fuzzer takes LEOPARD's results as targets to further examine and confirm the vulnerabilities. Our design stands out in its ability to automatically group adjacent functions and to orchestrate both macro-level, function-directed fuzzing and micro-level, path-condition-directed fuzzing. In our evaluation, LEOPARD covers 74.0% of the vulnerable functions while flagging only 20% of all functions as potentially vulnerable, and it outperforms the baseline approaches. Further, three applications are proposed to validate the usefulness of LEOPARD. Through the case studies, we discovered 22 new bugs, eight of which are new vulnerabilities.
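The bin-then-rank selection described above, as an added illustration rather than LEOPARD's own code: functions are grouped into bins by a complexity metric, each bin is ranked by a vulnerability metric, and the top slice of every bin is reported. The metric names, the ten sample functions with their scores, the bin width, the per-bin budget rule (a fixed fraction of each bin, rounded up) and the set of "known vulnerable" functions used to measure coverage are all constructed assumptions for the example; the abstract does not state how LEOPARD computes its metrics or splits its budget across bins. A plain global ranking by vulnerability score is included alongside so the effect of binning is visible.

```python
"""Bin-then-rank candidate selection in the style the MARVEL/LEOPARD abstract
describes.  Illustrative code, not LEOPARD's implementation: every metric,
value, threshold and ground-truth set below is constructed for the example."""
import math
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class FuncMetrics:
    name: str
    complexity: int    # assumed complexity metric, e.g. cyclomatic complexity
    vuln_score: float  # assumed aggregate of vulnerability metrics (higher = riskier)


# Constructed sample: ten functions of a fictional C program.
SAMPLE: List[FuncMetrics] = [
    FuncMetrics("log_msg", 2, 1.0),
    FuncMetrics("free_ctx", 3, 5.5),
    FuncMetrics("init", 4, 2.0),
    FuncMetrics("format_str", 6, 6.5),
    FuncMetrics("validate", 10, 6.0),
    FuncMetrics("read_chunk", 11, 3.0),
    FuncMetrics("parse_header", 12, 8.5),
    FuncMetrics("copy_buf", 15, 7.0),
    FuncMetrics("dispatch", 22, 9.0),
    FuncMetrics("main", 25, 4.0),
]

# Constructed ground truth used only to measure coverage of the selection.
KNOWN_VULNERABLE: Set[str] = {"parse_header", "format_str", "free_ctx"}


def bin_by_complexity(funcs: List[FuncMetrics], bin_width: int) -> Dict[int, List[FuncMetrics]]:
    """Group functions into fixed-width bins of the complexity metric."""
    bins: Dict[int, List[FuncMetrics]] = {}
    for f in funcs:
        bins.setdefault(f.complexity // bin_width, []).append(f)
    return bins


def rank_by_vulnerability(funcs: List[FuncMetrics]) -> List[FuncMetrics]:
    """Highest vulnerability score first; the name breaks ties deterministically."""
    return sorted(funcs, key=lambda f: (-f.vuln_score, f.name))


def select_binned(funcs: List[FuncMetrics], bin_width: int, fraction: float) -> List[str]:
    """Take the top `fraction` of every complexity bin, ranked by vulnerability score.

    Rounding up per bin means a small bin still contributes at least one candidate,
    so a fraction of 0.2 can select slightly more than 20% of all functions."""
    selected: List[str] = []
    for _, members in sorted(bin_by_complexity(funcs, bin_width).items()):
        k = math.ceil(fraction * len(members))
        selected.extend(f.name for f in rank_by_vulnerability(members)[:k])
    return selected


def select_global(funcs: List[FuncMetrics], fraction: float) -> List[str]:
    """Baseline for comparison: one global ranking, no binning."""
    k = math.ceil(fraction * len(funcs))
    return [f.name for f in rank_by_vulnerability(funcs)[:k]]


def coverage(selected: List[str], known_vulnerable: Set[str]) -> float:
    """Fraction of the known vulnerable functions that the selection contains."""
    return len(set(selected) & known_vulnerable) / len(known_vulnerable)


if __name__ == "__main__":
    binned = select_binned(SAMPLE, bin_width=10, fraction=0.2)
    flat = select_global(SAMPLE, fraction=0.2)
    print("binned selection:", binned, "coverage:", round(coverage(binned, KNOWN_VULNERABLE), 2))
    print("global selection:", flat, "coverage:", round(coverage(flat, KNOWN_VULNERABLE), 2))
```

On the constructed sample the global ranking spends its whole budget on the two riskiest-looking functions, both of them complex, while the binned selection also keeps `format_str` from the low-complexity bin; in practice the choice of bin width and of how the budget is divided across bins is what decides how much the low-complexity bins contribute, and both are tuning decisions not specified in the abstract.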