Proceedings of ISP RAS, 2025 Volume 37, Issue 4(2), Pages 251–270 (Mi tisp1037)

Sydr-Fuzz: continuous hybrid fuzzing and dynamic analysis for security development lifecycle

A. V. Vishnyakov, D. O. Kutz, V. I. Logunova^{a,b}, D. A. Parygina^{a,c}, E. A. Kobrin, G. A. Savidov, A. N. Fedotov

a Ivannikov Institute for System Programming of the RAS
b Moscow Institute of Physics and Technology (National Research University)
c Lomonosov Moscow State University

Abstract: Nowadays automated dynamic analysis frameworks for continuous testing are in high demand to ensure software safety and satisfy the security development lifecycle (SDL) requirements. The security bug hunting efficiency of cutting-edge hybrid fuzzing techniques outperforms widely used coverage-guided fuzzing. We propose an enhanced dynamic analysis pipeline that improves the productivity of automated bug detection based on hybrid fuzzing. We implement the proposed pipeline in the continuous fuzzing toolset Sydr-Fuzz, which is powered by a hybrid fuzzing orchestrator integrating our DSE tool Sydr with libFuzzer and AFL++. Sydr-Fuzz also incorporates security predicate checkers, the crash triaging tool Casr, and utilities for corpus minimization and coverage gathering. Benchmarking our hybrid fuzzer against alternative state-of-the-art solutions demonstrates its superiority over coverage-guided fuzzers while remaining on the same level as advanced hybrid fuzzers. Furthermore, we confirm the relevance of our approach by discovering 85 new real-world software flaws within the OSS-Sydr-Fuzz project. Finally, we open the Casr source code to the community to facilitate examination of existing crashes.

Keywords: dynamic analysis, hybrid fuzzing, continuous fuzzing, crash triage, dynamic symbolic execution, DSE, error detection, security development lifecycle, SDL, computer security

DOI: 10.15514/ISPRAS-2025-37(4)-30



© Steklov Math. Inst. of RAS, 2026