Filters








526 Hits in 5.8 sec

The Art, Science, and Engineering of Fuzzing: A Survey [article]

Valentin J.M. Manes, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo
2019 arXiv   pre-print
We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective  ...  To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature.  ...  in decision science [34] .  ... 
arXiv:1812.00140v4 fatcat:zk2ow477dffc5pllixqigz24ba

Fuzzing: a survey

Jun Li, Bodong Zhao, Chao Zhang
2018 Cybersecurity  
This paper presents a summary of the recent advances, analyzes how they improve the fuzzing process, and sheds light on future work in fuzzing.  ...  Then we present an overview of fuzzing solutions, and discuss in detail one of the most popular type of fuzzing, i.e., coverage-based fuzzing.  ...  Acknowledgements This research was supported in part by the National Natural Science Foundation of China (Grant No. 61772308 61472209, and U1736209), and Young Elite Scientists Spon-sorship Program by  ... 
doi:10.1186/s42400-018-0002-y fatcat:3xvvipq7gfbkxl55h5desnqpiq

ct-fuzz: Fuzzing for Timing Leaks [article]

Shaobo He and Michael Emmi and Gabriela Ciocarlie
2019 arXiv   pre-print
In particular, we present the ct-fuzz tool, which lends coverage-guided greybox fuzzers the ability to detect two-safety property violations.  ...  Testing-based methodologies like fuzzing are able to analyze complex software which is not amenable to traditional formal approaches like verification, model checking, and abstract interpretation.  ...  Acknowledgements This work was funded in part by the US Department of Homeland Security (DHS) Science and Technology (S&T) Directorate under contract no. HSHQDC-16-C-00034.  ... 
arXiv:1904.07280v1 fatcat:vys7cgmscnbq7kovfbcy446bfq

Magma: A Ground-Truth Fuzzing Benchmark [article]

Ahmad Hazimeh, Adrian Herrera, Mathias Payer
2020 arXiv   pre-print
Magma is an open benchmark consisting of seven targets that perform a variety of input manipulations and complex computations, presenting a challenge to state-of-the-art fuzzers.  ...  However, while fuzzing excels at finding bugs, evaluating and comparing fuzzer performance is challenging due to the lack of metrics and benchmarks.  ...  's study of 32 fuzzing papers found that none of the surveyed papers provided sufficient detail to support their claims of fuzzer improvement [29] .  ... 
arXiv:2009.01120v1 fatcat:5uskgzhfnjhejask3ymynh6sha

Synthesis of Linux Kernel Fuzzing Tools Based on Syscall

SHUAI BAI, DAN LI, MINHUAN HUANG, HUA CHEN
2017 DEStech Transactions on Computer Science and Engineering  
Meanwhile, we inspect these tools on the usage of coverage-based fuzzing which is the state-of-the-art fuzzing optimization technology.  ...  We make synthesis of the three kernel fuzzing tools from the aspects of sisal arguments model, test case construction and fuzzing scheduling and propose an abstract of partial specialization of model and  ...  Dan Li, National Key Laboratory of Science and Technology on Information System Security, Beijing Institute of System Engineering, Beijing 100101, China; yumiko0@mail.ustc.edu.cn Minhuan Huang and Hua  ... 
doi:10.12783/dtcse/aiea2017/14990 fatcat:jcek55dmpfbwppcaranfc2vh74

Securing Autonomous Service Robots through Fuzzing, Detection, and Mitigation [article]

Chundong Wang, Yee Ching Tok, Rohini Poolat, Sudipta Chattopadhyay, Mohan Rajesh Elara
2020 arXiv   pre-print
To this end, we leverage the idea of directed fuzzing and design RoboFuzz that systematically tests an autonomous service robot in line with the robot's states and the surrounding environment.  ...  We have prototyped the bundle of RoboFuzz, detection and mitigation algorithms in a real-world movable robot.  ...  We use a state-of-the-art fuzzing tool, i.e., Radamsa [14] , to fuzz the robot control program of the aforementioned movable robot employing a distance sensor for motion.  ... 
arXiv:2003.05564v1 fatcat:bctcrwt7mfbkpex5jkduijqcou

Using Relational Problems to Teach Property-Based Testing

John Wrenn, Tim Nelson, Shriram Krishnamurthi
2020 The Art, Science, and Engineering of Programming  
The growing use of formal methods in, and the growth of software synthesis, all create demand for techniques to train students and developers in the art of specification writing.  ...  We posit that PBT forms a strong bridge between testing and the act of specification: it's a form of testing where the tester is actually writing abstract specifications.  ...  Acknowledgements This work is partially supported by the US National Science Foundation. We thank the anonymous reviewers, especially Reviewer 1, for their careful reading and detailed comments.  ... 
doi:10.22152/programming-journal.org/2021/5/9 fatcat:xz7lsqrkg5ab5hgrtsmn7gszci

FirmHunter: State-Aware and Introspection-Driven Grey-Box Fuzzing towards IoT Firmware

Qidi Yin, Xu Zhou, Hangwei Zhang
2021 Applied Sciences  
We evaluate FirmHunter by emulating and fuzzing eight firmware images including seven routers and one IP camera with a state-of-the-art IoT fuzzer FirmFuzz and a web application scanner ZAP.  ...  accelerates the discovery of vulnerabilities by an average of 42%; and (3) FirmHunter is able to find unknown vulnerabilities.  ...  To evaluate our tool, we tested it on a set of real-world IoT firmware images with a state-of-the-art IoT fuzzer and a web scanner.  ... 
doi:10.3390/app11199094 fatcat:64gki4wf3fhfre4llx2grqpxqe

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing [article]

William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, Manuel Egele
2020 arXiv   pre-print
We evaluate SRI's effectiveness by comparing the performance of micro-fuzzing with SRI, measured by the number of AC vulnerabilities detected, to simply using empty values as seed inputs.  ...  HotFuzz uses micro-fuzzing, a genetic algorithm that evolves arbitrary Java objects in order to trigger the worst-case performance for a method under test.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as representing the official policies or endorsements, either expressed or implied, of any government agency  ... 
arXiv:2002.03416v1 fatcat:zb72iomeabdmjiig2yn5vdgsz4

A Survey on Adaptive Random Testing

Rubing Huang, Weifeng Sun, Yinyin Xu, Haibo Chen, Dave Towey, Xin Xia
2019 IEEE Transactions on Software Engineering  
This paper provides a comprehensive survey on ART, classifying techniques, summarizing application areas, and analyzing experimental evaluations.  ...  Random testing (RT) is a well-studied testing method that has been widely applied to the testing of many applications, including embedded software systems, SQL database systems, and Android applications  ...  This work is supported by the National Natural Science  ... 
doi:10.1109/tse.2019.2942921 fatcat:ttue22jqfbhytjsvpjawmvtcdy

A survey on artificial intelligence assurance

Feras A. Batarseh, Laura Freeman, Chih-Hao Huang
2021 Journal of Big Data  
One important notion for the adoption of AI algorithms into operational decision processes is the concept of assurance.  ...  Lastly, in this manuscript, we provide foundational insights, discussions, future directions, a roadmap, and applicable recommendations for the development and deployment of AI assurance.  ...  The next section "The state of AI assurance" provides further details on the state-of-the-art, and "The review and scoring of methods" section presents an exhaustive review of all AI assurance methods  ... 
doi:10.1186/s40537-021-00445-7 doaj:70ef07f53cda44c7bed3084532268a3f fatcat:h2oleckbcneixhtbjzw4cvdp2e

A Survey on Recent Advanced Research of CPS Security

Zhenhua Wang, Wei Xie, Baosheng Wang, Jing Tao, Enze Wang
2021 Applied Sciences  
In this paper, we provide an overview of the CPS security studies from the last five years and select 142 related works from A- or B-level conferences/journals recommended by the China Computer Federation  ...  Therefore, it is worth surveying CPS security by reviewing and analyzing the latest high-quality related works.  ...  Germany NSERC Natural Sciences and Engineering Research Council of Canada Canada  ... 
doi:10.3390/app11093751 fatcat:fxby2wjzpnchrfshvilxalmptm

The Oracle Problem in Software Testing: A Survey

Earl T. Barr, Mark Harman, Phil McMinn, Muzammil Shahbaz, Shin Yoo
2015 IEEE Transactions on Software Engineering  
This paper provides a comprehensive survey of current approaches to the test oracle problem and an analysis of trends in this important area of software testing research and practice.  ...  Testing involves examining the behaviour of a system in order to discover potential faults.  ...  by the previous state of the art.  ... 
doi:10.1109/tse.2014.2372785 fatcat:kcsfqlofvnbtlmedd33z2yisq4

A survey on server-side approaches to securing web applications

Xiaowei Li, Yuan Xue
2014 ACM Computing Surveys  
This paper surveys the area of securing web applications from the server side, with the aim of systematizing the existing techniques into a big picture that promotes future research.  ...  We organize the existing techniques along two dimensions: (1) the security vulnerabilities and attacks that they address; (2) the design objective and the phases of a web application during which they  ...  ACKNOWLEDGMENTS This work was supported by NSF TRUST (The Team for Research in Ubiquitous Secure Technology) Science and Technology Center (CCF-0424422). We specially thank Prof.  ... 
doi:10.1145/2541315 fatcat:bjbtc55l4rf2bhbwznyhbldbge

A Survey on Security for Mobile Devices

Mariantonietta La Polla, Fabio Martinelli, Daniele Sgandurra
2013 IEEE Communications Surveys and Tutorials  
This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011, by focusing on high-level attacks, such those to user applications.  ...  As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers.  ...  ACKNOWLEDGEMENT The authors would like to thank the anonymous reviewers for their valuable comments and suggestions, which have greatly improved the quality of the paper.  ... 
doi:10.1109/surv.2012.013012.00028 fatcat:us2g2qlglrflporo6fp6vqbdn4
« Previous Showing results 1 — 15 out of 526 results