HyDiff

Yannic Noller, Corina S. Păsăreanu, Marcel Böhme, Youcheng Sun, Hoang Lam Nguyen, Lars Grunske
2020 Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering  
For the hybrid analysis with HyDiff, the differential fuzzing and symbolic execution components are started with the same seed input.  ...  HyDiff's differential fuzzing does not use any inputs from differential symbolic execution and vice versa because they are busy with their own analysis.  ... 
doi:10.1145/3377811.3380363 dblp:conf/icse/NollerPBSNG20 fatcat:w3qp2ehznvdyzp53hir4h3rola

Badger: Complexity Analysis with Fuzzing and Symbolic Execution

Yannic Noller, Rody Kersten, Corina Pasareanu
2019 Software Engineering  
In this work, we report on our recent research results on "Badger: Complexity Analysis with Fuzzing and Symbolic Execution" which was published in the proceedings of the 27th ACM SIGSOFT International  ...  Badger employs a hybrid software analysis technique that combines fuzzing and symbolic execution for finding performance bottlenecks in software.  ...  We explore here the application of fuzzing and symbolic execution to algorithmic complexity analysis, which can be applied to reason about programs, understand performance bottlenecks and find opportunities  ... 
doi:10.18420/se2019-16 dblp:conf/se/NollerKP19 fatcat:avupp4hksraxbezqpweobk53uu

Compositional Fuzzing Aided by Targeted Symbolic Execution [article]

Saahil Ognawala, Fabian Kilger, Alexander Pretschner
2019 arXiv   pre-print
Wildfire finds vulnerabilities by fuzzing isolated functions in a C-program and, then, using targeted symbolic execution it determines the feasibility of exploitation for these vulnerabilities.  ...  Based on our evaluation of 23 open-source programs (nearly 1 million LOC), we show that Wildfire, as a result of the increased coverage, finds more true-positives than baseline symbolic execution and fuzzing  ...  Munch [36] is a hybrid tool introduced to increase function coverage by employing two combinations of symbolic execution and fuzzing - fuzzing with seed-inputs generated by symbolic execution, and targeted  ... 
arXiv:1903.02981v2 fatcat:7tniae7aavgw7aa7rcawoqrjti

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Fayozbek Rustamov, Juhwan Kim, Jihyeon Yu, Joobeom Yun
2021 IEEE Access  
The combination of fuzzing and symbolic execution makes software testing more efficient by mitigating the limitations in each other.  ...  The most reliable technique for automated software testing is a fuzzing tool that feeds programs with random test-input and detects software vulnerabilities that are critical to security.  ...  program variables as symbolic variables and executes the PUT with concrete execution.  ... 
doi:10.1109/access.2021.3114202 fatcat:6yvqxkcqcvg5xl4g2bjf6ndsue

The Art, Science, and Engineering of Fuzzing: A Survey [article]

Valentin J.M. Manes, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo
2019 arXiv   pre-print
At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed.  ...  To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature.  ...  Dynamic Symbolic Execution At a high level, classic symbolic execution [126] , [39] , [108] runs a program with symbolic values as inputs, which represents all possible values.  ... 
arXiv:1812.00140v4 fatcat:zk2ow477dffc5pllixqigz24ba

MaxAFL: Maximizing Code Coverage with a Gradient-Based Optimization Technique

Youngjoon Kim, Jiwon Yoon
2020 Electronics  
Gradient-based fuzzers can be applied to real-world programs and achieve high code coverage.  ...  Evolutionary fuzzers generally work well with typical software programs because of their simple algorithm.  ...  Acknowledgments: Ji Won Yoon was supported by the Institute for Information and Communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (no. 2017-0-00545).  ... 
doi:10.3390/electronics10010011 fatcat:yw6i624a7ral7hqtl7ypqu3fou

Model-Based Grey-Box Fuzzing of Network Protocols

Yan Pan, Wei Lin, Liang Jiao, Yuefei Zhu, Irshad Azeem
2022 Security and Communication Networks  
Considering the client, the results show that it achieves 1.5X branch coverage (on average) compared with the default AFL, and 1.3X branch coverage compared with AFLNET and StateAFL, using the typical  ...  The StateFuzzer identifies a new memory corruption bug in Live555 (2021-08-25) and 14 distinct discrepancies based on differential testing.  ... 
doi:10.1155/2022/6880677 fatcat:rq63r47bd5bgtmwnpkuvxlonke

Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution

Tielei Wang, Tao Wei, Guofei Gu, Wei Zou
2011 ACM Transactions on Privacy and Security  
This article presents TaintScope, an automatic fuzzing system using dynamic taint analysis and symbolic execution techniques, to tackle the above problem.  ...  Furthermore, it can fix checksum values in generated inputs using combined concrete and symbolic execution techniques. (2) TaintScope is a taint-based fuzzing tool working at the x86 binary level.  ...  The key idea behind TaintScope is that the taint propagation information during program execution can be used to detect and  ... 
doi:10.1145/2019599.2019600 fatcat:7lxi63myd5hsfe7scxnxi5nouy

Badger: complexity analysis with fuzzing and symbolic execution

Yannic Noller, Rody Kersten, Corina S. Păsăreanu
2018 Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2018  
Since fuzzing may fail to execute deep program paths due to its limited knowledge about the conditions that influence these paths, we complement the analysis with a symbolic execution, which is also customized  ...  We implemented our approach for the analysis of Java programs, based on Kelinci and Symbolic PathFinder.  ...  Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon.  ... 
doi:10.1145/3213846.3213868 dblp:conf/issta/NollerKP18 fatcat:uutenm6aercrzkr5oroivfr5ce

Automatically Locating ARM Instructions Deviation between Real Devices and CPU Emulators [article]

Muhui Jiang, Tianyi Xu, Yajin Zhou, Yufeng Hu, Ming Zhong, Lei Wu, Xiapu Luo, Kui Ren
2021 arXiv   pre-print
Based on the specification, we propose a test case generator by designing and implementing the first symbolic execution engine for ARM architecture specification language (ASL).  ...  With the inconsistent instructions, we build three security applications and demonstrate the capability of these instructions on detecting emulators, anti-emulation, and anti-fuzzing.  ...  Furthermore, the path coverage of programs fuzzed in emulators can be highly decreased with the help of inconsistent instructions.  ... 
arXiv:2105.14273v2 fatcat:7apz3eyr5vf2jip4pk5a67ehhq

DifFuzz: Differential Fuzzing for Side-Channel Analysis [article]

Shirin Nilizadeh, Yannic Noller, Corina S. Pasareanu
2019 arXiv   pre-print
Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size.  ...  For this paper, we present an implementation that targets analysis of Java programs, and uses and extends the Kelinci and AFL fuzzers.  ...  Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon.  ... 
arXiv:1811.07005v2 fatcat:xkw5wlwvefaeta7jk2sunjoohq

ER-Fuzz:Conditional Code Removed Fuzzing

2019 KSII Transactions on Internet and Information Systems  
We implemented a prototype of ER-Fuzz based on the popular fuzzer AFL and evaluated it on several applications.  ...  In terms of the number of crash discoveries, in the best case, ER-Fuzz found 115% more unique crashes than did AFL. In total, seven new bugs were found and new CVEs were assigned.  ...  Along this line, researchers have combined other relevant techniques with fuzzing, such as symbol execution [2, 3] , dynamic analysis [4, 5] and others.  ... 
doi:10.3837/tiis.2019.07.010 fatcat:teeecofhhbaqpme4cjfbvwejqu

Coverage-guided differential testing of TLS implementations based on syntax mutation

Yan Pan, Wei Lin, Yubo He, Yuefei Zhu, Licheng Wang
2022 PLoS ONE  
The differences of different implementations during the fuzzing process, such as code coverage and response data, are taken to guide the mutation of test cases, and the seeds are mutated based on the TLS  ...  Researchers are attempting to find the differences in protocol implementations based on differential testing, which is conducive to discovering the vulnerabilities.  ...  tools [32] , and in combination with symbolic execution for further broaden observed differences [33] .  ... 
doi:10.1371/journal.pone.0262176 pmid:35073360 pmcid:PMC8786154 fatcat:2ol6csi32ndqhns4tuenihbuba

The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing [article]

Pengfei Wang and Xu Zhou and Kai Lu and Tai Yue and Yingying Liu
2022 arXiv   pre-print
Most greybox fuzzing tools are coverage-guided as code coverage is strongly correlated with bug coverage.  ...  Thus, directed greybox fuzzing (DGF) is particularly suitable for scenarios such as patch testing, bug reproduction, and specialist bug hunting.  ...  Acknowledgement The authors would like to sincerely thank all the reviewers for your time and expertise on this paper. Your insightful comments help us improve this work.  ... 
arXiv:2005.11907v4 fatcat:dfoejnfw4jfobj4ejghpcgksji

Efficient Fuzz Testing for Apache Spark Using Framework Abstraction [article]

Qian Zhang, Jiyuan Wang, Muhammad Ali Gulzar, Rohan Padhye, Miryung Kim
2021 arXiv   pre-print
The key essence of our approach is that we abstract the dataflow behavior of the DISC framework with executable specifications and we design schema-aware mutations based on common error types in DISC applications  ...  We devise a novel fuzz testing tool called BigFuzz that automatically generates concrete data for an input Apache Spark program.  ...  Next, BIGFUZZ reconstructs her program with these Java classes using the executable specifications and automatically generates a test driver for her program.  ... 
arXiv:2103.05118v1 fatcat:w4exupqkbrge7iyjx3nbzgprr4