For the hybrid analysis with HyDiff, the differential fuzzing and symbolic execution components are started with the same seed input. ...
HyDiff's differential fuzzing does not use any inputs from differential symbolic execution and vice versa because they are busy with their own analysis. ...
doi:10.1145/3377811.3380363
dblp:conf/icse/NollerPBSNG20
fatcat:w3qp2ehznvdyzp53hir4h3rola
Badger: Complexity Analysis with Fuzzing and Symbolic Execution
2019
Software Engineering
In this work, we report on our recent research results on "Badger: Complexity Analysis with Fuzzing and Symbolic Execution" which was published in the proceedings of the 27th ACM SIGSOFT International ...
Badger employs a hybrid software analysis technique that combines fuzzing and symbolic execution for finding performance bottlenecks in software. ...
We explore here the application of fuzzing and symbolic execution to algorithmic complexity analysis, which can be applied to reason about programs, understand performance bottlenecks and find opportunities ...
doi:10.18420/se2019-16
dblp:conf/se/NollerKP19
fatcat:avupp4hksraxbezqpweobk53uu
Compositional Fuzzing Aided by Targeted Symbolic Execution
[article]
2019
arXiv
pre-print
Wildfire finds vulnerabilities by fuzzing isolated functions in a C-program and, then, using targeted symbolic execution it determines the feasibility of exploitation for these vulnerabilities. ...
Based on our evaluation of 23 open-source programs (nearly 1 million LOC), we show that Wildfire, as a result of the increased coverage, finds more true-positives than baseline symbolic execution and fuzzing ...
Munch [36] is a hybrid tool introduced to increase function coverage by employing two combinations of symbolic execution and fuzzing: fuzzing with seed-inputs generated by symbolic execution, and targeted ...
arXiv:1903.02981v2
fatcat:7tniae7aavgw7aa7rcawoqrjti
Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection
2021
IEEE Access
The combination of fuzzing and symbolic execution makes software testing more efficient by mitigating the limitations in each other. ...
The most reliable technique for automated software testing is a fuzzing tool that feeds programs with random test-input and detects software vulnerabilities that are critical to security. ...
program variables as symbolic variables and executes the PUT with concrete execution. ...
doi:10.1109/access.2021.3114202
fatcat:6yvqxkcqcvg5xl4g2bjf6ndsue
The Art, Science, and Engineering of Fuzzing: A Survey
[article]
2019
arXiv
pre-print
At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed. ...
To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature. ...
Dynamic Symbolic Execution At a high level, classic symbolic execution [126] , [39] , [108] runs a program with symbolic values as inputs, which represents all possible values. ...
arXiv:1812.00140v4
fatcat:zk2ow477dffc5pllixqigz24ba
MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique
2020
Electronics
Gradient-based fuzzers can be applied to real-world programs and achieve high code coverage. ...
Evolutionary fuzzers generally work well with typical software programs because of their simple algorithm. ...
Acknowledgments: Ji Won Yoon was supported by the Institute for Information and Communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (no. 2017-0-00545). ...
doi:10.3390/electronics10010011
fatcat:yw6i624a7ral7hqtl7ypqu3fou
Model-Based Grey-Box Fuzzing of Network Protocols
2022
Security and Communication Networks
Considering the client, the results show that it achieves 1.5X branch coverage (on average) compared with the default AFL, and 1.3X branch coverage compared with AFLNET and StateAFL, using the typical ...
The StateFuzzer identifies a new memory corruption bug in Live555 (2021-08-25) and 14 distinct discrepancies based on differential testing. ...
doi:10.1155/2022/6880677
fatcat:rq63r47bd5bgtmwnpkuvxlonke
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
2011
ACM Transactions on Privacy and Security
This article presents TaintScope, an automatic fuzzing system using dynamic taint analysis and symbolic execution techniques, to tackle the above problem. ...
Furthermore, it can fix checksum values in generated inputs using combined concrete and symbolic execution techniques. (2) TaintScope is a taint-based fuzzing tool working at the x86 binary level. ...
The key idea behind TaintScope is that the taint propagation information during program execution can be used to detect and Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution ...
doi:10.1145/2019599.2019600
fatcat:7lxi63myd5hsfe7scxnxi5nouy
Badger: complexity analysis with fuzzing and symbolic execution
2018
Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2018
Since fuzzing may fail to execute deep program paths due to its limited knowledge about the conditions that influence these paths, we complement the analysis with a symbolic execution, which is also customized ...
We implemented our approach for the analysis of Java programs, based on Kelinci and Symbolic PathFinder. ...
Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. ...
doi:10.1145/3213846.3213868
dblp:conf/issta/NollerKP18
fatcat:uutenm6aercrzkr5oroivfr5ce
Automatically Locating ARM Instructions Deviation between Real Devices and CPU Emulators
[article]
2021
arXiv
pre-print
Based on the specification, we propose a test case generator by designing and implementing the first symbolic execution engine for ARM architecture specification language (ASL). ...
With the inconsistent instructions, we build three security applications and demonstrate the capability of these instructions on detecting emulators, anti-emulation, and anti-fuzzing. ...
Furthermore, the path coverage of programs fuzzed in emulators can be highly decreased with the help of inconsistent instructions. ...
arXiv:2105.14273v2
fatcat:7apz3eyr5vf2jip4pk5a67ehhq
DifFuzz: Differential Fuzzing for Side-Channel Analysis
[article]
2019
arXiv
pre-print
Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. ...
For this paper, we present an implementation that targets analysis of Java programs, and uses and extends the Kelinci and AFL fuzzers. ...
Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. ...
arXiv:1811.07005v2
fatcat:xkw5wlwvefaeta7jk2sunjoohq
ER-Fuzz: Conditional Code Removed Fuzzing
2019
KSII Transactions on Internet and Information Systems
We implemented a prototype of ER-Fuzz based on the popular fuzzer AFL and evaluated it on several applications. ...
In terms of the number of crash discoveries, in the best case, ER-Fuzz found 115% more unique crashes than did AFL. In total, seven new bugs were found and new CVEs were assigned. ...
Along this line, researchers have combined other relevant techniques with fuzzing, such as symbol execution [2, 3] , dynamic analysis [4, 5] and others. ...
doi:10.3837/tiis.2019.07.010
fatcat:teeecofhhbaqpme4cjfbvwejqu
Coverage-guided differential testing of TLS implementations based on syntax mutation
2022
PLoS ONE
The differences of different implementations during the fuzzing process, such as code coverage and response data, are taken to guide the mutation of test cases, and the seeds are mutated based on the TLS ...
Researchers are attempting to find the differences in protocol implementations based on differential testing, which is conducive to discovering the vulnerabilities. ...
tools [32] , and in combination with symbolic execution to further broaden observed differences [33] . ...
doi:10.1371/journal.pone.0262176
pmid:35073360
pmcid:PMC8786154
fatcat:2ol6csi32ndqhns4tuenihbuba
The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing
[article]
2022
arXiv
pre-print
Most greybox fuzzing tools are coverage-guided as code coverage is strongly correlated with bug coverage. ...
Thus, directed greybox fuzzing (DGF) is particularly suitable for scenarios such as patch testing, bug reproduction, and specialist bug hunting. ...
Acknowledgement The authors would like to sincerely thank all the reviewers for your time and expertise on this paper. Your insightful comments help us improve this work. ...
arXiv:2005.11907v4
fatcat:dfoejnfw4jfobj4ejghpcgksji
Efficient Fuzz Testing for Apache Spark Using Framework Abstraction
[article]
2021
arXiv
pre-print
The key essence of our approach is that we abstract the dataflow behavior of the DISC framework with executable specifications and we design schema-aware mutations based on common error types in DISC applications ...
We devise a novel fuzz testing tool called BigFuzz that automatically generates concrete data for an input Apache Spark program. ...
Next, BIGFUZZ reconstructs her program with these Java classes using the executable specifications and automatically generates a test driver for her program. ...
arXiv:2103.05118v1
fatcat:w4exupqkbrge7iyjx3nbzgprr4