About
Sydr is a dynamic symbolic execution tool that explores new paths and enables error detection. Sydr uses DynamoRIO for concrete execution and Triton for symbolic execution.
Sydr-Fuzz is a dynamic analysis tool for the security development lifecycle. It combines fuzzing (libFuzzer, AFL++) with the power of dynamic symbolic execution (Sydr). Sydr-Fuzz implements the following fuzzing pipeline:
- Hybrid fuzzing with Sydr and libFuzzer/AFL++: sydr-fuzz run
- Corpus minimization: sydr-fuzz cmin
- Error detection (out of bounds, integer overflow, division by zero, etc.) via symbolic security predicates: sydr-fuzz security
- Collecting coverage: sydr-fuzz cov-html
- Crash triaging, deduplication, and clustering with Casr: sydr-fuzz casr
Our mission is discovering new bugs in open source projects via hybrid fuzzing (OSS-Sydr-Fuzz). We have already found a significant number of trophies. Moreover, we compare Sydr-Fuzz with existing fuzzers.
Sydr-Fuzz supports multiple programming languages including C/C++ (libFuzzer/AFL++), Rust (cargo-fuzz/afl.rs), Go (go-fuzz), and Python (Atheris). All languages except Python support symbolic execution with Sydr.
Guides
- Fuzzing xlnt project with sydr-fuzz for fun and profit (libFuzzer) [english] [russian]
- Fuzzing FreeImage project with Sydr and AFLplusplus [english] [russian]
- Fuzzing goblin (Rust) project with Sydr and AFLplusplus [english] [russian]
- Fuzzing ruamel-yaml (Python) project with sydr-fuzz (Atheris backend) [english] [russian]
- Fuzzing golang/image (Go) project with sydr-fuzz (go-fuzz backend) [english] [russian]
Open Source Projects
- OSS-Sydr-Fuzz: Hybrid Fuzzing for Open Source Software
- CASR: Crash Analysis and Severity Report
- gdb-command: Rust Library for Manipulating GDB in Batch Mode
- Juliet C/C++ Dynamic Test Suite: Evaluating Dynamic Analysis Tools on Juliet
- sydr-benchmark: Benchmarking Dynamic Symbolic Execution
Publications and Talks
- Vishnyakov A., Fedotov A., Kuts D., Novikov A., Parygina D., Kobrin E., Logunova V., Belecky P., Kurmangaleev Sh. Sydr: Cutting Edge Dynamic Symbolic Execution. 2020 Ivannikov ISPRAS Open Conference. [paper] [slides] [video]
- Fedotov A.N., Kurmangaleev Sh.F. CASR: core dump analysis and severity reporter tool. Proceedings of ISP RAS, 2020. [russian paper]
- Kuts D. Towards Symbolic Pointers Reasoning in Dynamic Symbolic Execution. 2021 Ivannikov Memorial Workshop. [paper] [slides]
- Vishnyakov A., Logunova V., Kobrin E., Kuts D., Parygina D., Fedotov A. Symbolic Security Predicates: Hunt Program Weaknesses. 2021 Ivannikov ISPRAS Open Conference. [paper] [slides] [russian video]
- Savidov G., Fedotov A. Casr-Cluster: Crash Clustering for Linux Applications. 2021 Ivannikov ISPRAS Open Conference. [paper] [slides]
- Kobrin E., Vishnyakov A., Fedotov A. Hybrid Fuzzing of TensorFlow Machine Learning Framework. MITSOBI 2022. [russian slides]
- Vishnyakov A.V., Kobrin E.A., Fedotov A.N. Error detection in binary code with dynamic symbolic execution. Proceedings of ISP RAS, 2022. [russian paper] [russian slides]
- Fedotov A. Sydr: Dynamic Analysis Technology. IVMEM 2022 Plenum. [russian slides] [russian video]
- Fedotov A. Sydr: SDL for Artificial Intelligence. IVMEM 2022 Plenum. [russian slides] [russian video]
- Parygina D., Vishnyakov A., Fedotov A. Strong Optimistic Solving for Dynamic Symbolic Execution. 2022 Ivannikov Memorial Workshop. [paper] [slides] [russian video]
- Fedotov A. Sydr: Hybrid Fuzzing. IVMEM 2022 Cybersecurity Round Table. [russian slides]
- Fedotov A. Sydr & CASR: Dynamic Analysis for SDL. ISPRAS Open 2022 Trusted Software Development. [russian slides]
- Fedotov A. Development of Trusted Machine Learning Frameworks. ISPRAS Open 2022 Trusted AI. [russian slides] [russian video]
- Vishnyakov A., Kuts D., Logunova V., Parygina D., Kobrin E., Savidov G., Fedotov A. Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle. 2022 Ivannikov ISPRAS Open Conference. [paper] [slides] [russian video]
- Vishnyakov A. Error detection in binary code with dynamic symbolic execution. PhD thesis. [russian thesis] [russian synopsis] [russian slides]