Fuzz testing has been used to find bugs in programs since the 1990s, but despite decades of dedicated research, there is still no consensus on which fuzzing techniques work best …
One of the key questions when fuzzing is where to look for vulnerabilities. Coverage-guided fuzzers indiscriminately optimize for covering as much code as possible given that bug …
Among various fuzzing approaches, coverage-guided grey-box fuzzing is perhaps the most prominent, due to its ease of use and effectiveness. Using this approach, the selection of …
H Huang, Y Guo, Q Shi, P Yao, R Wu… - 2022 IEEE Symposium …, 2022 - ieeexplore.ieee.org
Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed fuzzing aims to direct a fuzzer to a specific target in the code, eg, the code with potential …
Directed fuzzing focuses on automatically testing specific parts of the code by taking advantage of additional information such as (partial) bug stack trace, patches or risky …
Existing Greybox Fuzzers (GF) cannot be effectively directed, for instance, towards problematic changes or patches, towards critical system calls or dangerous locations, or …
Researchers have proposed many optimizations to improve the efficiency of fuzzing, and most optimized strategies work very well on their targets when running in single mode with …
Fuzzing has become one of the most effective bug finding approach for software. In recent years, 24* 7 continuous fuzzing platforms have emerged to test critical pieces of software …
M Payer - IEEE Security & Privacy, 2019 - ieeexplore.ieee.org
Software contains bugs, and some bugs are exploitable. Mitigations protect our systems in the presence of these vulnerabilities, often stopping the program once a security violation …