Information leakage is a class of error that can lead to severe consequences. Unlike other errors, however, it is rarely explicitly considered during software testing. LeakFuzzer advances the state of the art by using a noninterference security property, together with a security flow policy that labels which inputs and outputs are secret and which are public, as a test oracle. Because the tool extends the state-of-the-art fuzzer AFL++, LeakFuzzer inherits the advantages of AFL++: scalability, automated input generation, high coverage and low developer intervention. It detects the same set of errors that a normal fuzzer detects, and in addition detects violations of secure information flow policies. We evaluated LeakFuzzer on a diverse set of 10 C and C++ benchmarks containing known information leaks, ranging in size from just 80 to over 900k lines of code. Seven of these are taken from real-world CVEs, including Heartbleed and a recent error in PostgreSQL. Across 20 runs of 24 hours each, LeakFuzzer finds 100% of the leaks in the SUTs, whereas existing techniques such as the CBMC model checker and AFL++ augmented with different sanitizers find at most 40%.
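To make the oracle concrete, the following is an added illustration and not code from LeakFuzzer or its benchmarks. It models a hypothetical system under test whose public request buffer sits directly before a secret in memory, and whose echo routine trusts a caller-supplied length, together with a noninterference check in the style the abstract describes: run the SUT twice with identical public (LOW) inputs and different secret (HIGH) inputs, then compare the public outputs. Under the flow policy, the two LOW outputs must be identical; any difference means HIGH data influenced LOW output and the policy is violated. The names, the memory layout and the sample inputs are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Memory of the hypothetical SUT: a LOW request buffer followed directly
 * by a HIGH secret, kept as one flat array so that the over-read below is
 * ordinary in-bounds indexing rather than undefined behaviour. */
#define REQ_MAX    32
#define SECRET_LEN 16
#define MEM_LEN    (REQ_MAX + SECRET_LEN)

/* Hypothetical SUT: echo back `claimed_len` bytes of the request.
 * The only bound it enforces is the size of its own memory, so any
 * claimed length above REQ_MAX copies secret bytes into the reply. */
static size_t sut_echo(const uint8_t mem[MEM_LEN], size_t claimed_len,
                       uint8_t reply[MEM_LEN])
{
    size_t n = claimed_len > MEM_LEN ? MEM_LEN : claimed_len;
    memcpy(reply, mem, n);
    return n;
}

/* Flow policy: request and claimed_len are LOW, secret is HIGH, reply is LOW.
 * Noninterference oracle: two executions that agree on every LOW input
 * must agree on every LOW output. Returns 1 when they differ. */
static int noninterference_violation(const uint8_t request[REQ_MAX],
                                     size_t claimed_len,
                                     const uint8_t secret_a[SECRET_LEN],
                                     const uint8_t secret_b[SECRET_LEN])
{
    uint8_t mem_a[MEM_LEN], mem_b[MEM_LEN];
    uint8_t reply_a[MEM_LEN], reply_b[MEM_LEN];

    memcpy(mem_a, request, REQ_MAX);
    memcpy(mem_b, request, REQ_MAX);
    memcpy(mem_a + REQ_MAX, secret_a, SECRET_LEN);
    memcpy(mem_b + REQ_MAX, secret_b, SECRET_LEN);

    size_t n_a = sut_echo(mem_a, claimed_len, reply_a);
    size_t n_b = sut_echo(mem_b, claimed_len, reply_b);

    if (n_a != n_b)
        return 1;
    return memcmp(reply_a, reply_b, n_a) != 0;
}

/* One oracle query with fixed constructed inputs: the LOW request is all
 * 'A', the two HIGH secrets differ in every byte, only the LOW length
 * field is varied by the caller. */
static int leaks_with_claimed_len(size_t claimed_len)
{
    uint8_t request[REQ_MAX];
    uint8_t secret_a[SECRET_LEN], secret_b[SECRET_LEN];
    memset(request, 'A', sizeof request);
    memset(secret_a, 0x11, sizeof secret_a);
    memset(secret_b, 0x22, sizeof secret_b);
    return noninterference_violation(request, claimed_len, secret_a, secret_b);
}

/* Fuzzer-style sweep over the LOW length field: returns the smallest
 * value that breaks noninterference, or 0 if none is found. */
static size_t smallest_leaking_length(void)
{
    for (size_t len = 0; len <= MEM_LEN + 8; len++) {
        if (leaks_with_claimed_len(len))
            return len;
    }
    return 0;
}

int main(void)
{
    size_t len = smallest_leaking_length();
    if (len)
        printf("flow policy violated: claimed_len=%zu lets HIGH bytes reach LOW output\n", len);
    else
        printf("no violation found\n");
    return 0;
}
```

Two points a practitioner should take from this. First, the oracle needs no knowledge of how the leak happens; it only needs the policy labels and a second execution with a different secret, which is why the same check applies equally to an over-read and to a logic error that branches on secret data. Second, an ordinary sanitizer never fires here, because every access stays inside the SUT's own memory; the defect is visible only as a difference between two otherwise identical runs.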