Finding Specification Blind Spots via Fuzz Testing

R Ji, M Xu - 2023 IEEE Symposium on Security and Privacy (SP …, 2023 - ieeexplore.ieee.org
A formally verified program is only as correct as its specifications (SPEC). But how to assure
that the SPEC is complete and free of loopholes? This paper presents Fast, short for Fuzzing …

Skyfire: Data-driven seed generation for fuzzing

J Wang, B Chen, L Wei, Y Liu - 2017 IEEE Symposium on …, 2017 - ieeexplore.ieee.org
Programs that take highly-structured files as inputs normally process inputs in stages: syntax
parsing, semantic checking, and application execution. Deep bugs are often hidden in the …

Static program analysis as a fuzzing aid

B Shastry, M Leutner, T Fiebig, K Thimmaraju… - Research in Attacks …, 2017 - Springer
Fuzz testing is an effective and scalable technique to perform software security
assessments. Yet, contemporary fuzzers fall short of thoroughly testing applications with a …

CrFuzz: Fuzzing multi-purpose programs through input validation

S Song, C Song, Y Jang, B Lee - Proceedings of the 28th ACM Joint …, 2020 - dl.acm.org
Fuzz testing has proved its effectiveness in discovering software vulnerabilities.
Empowered by its random nature along with a coverage-guiding feature, fuzzing has been …

FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing

Z Zhang, Z Patterson, M Hicks, S Wei - 31st USENIX Security Symposium …, 2022 - usenix.org
Fuzz testing is an active area of research with proposed improvements published at a rapid
pace. Such proposals are assessed empirically: Can they be shown to perform better than …

Utopia: Automatic generation of fuzz driver using unit tests

B Jeong, J Jang, H Yi, J Moon, J Kim… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Fuzzing is arguably the most practical approach for detecting security bugs in software, but a
non-trivial extent of efforts is required for its adoption. To be effective, high-quality fuzz …

Fuzzing with data dependency information

A Mantovani, A Fioraldi… - 2022 IEEE 7th European …, 2022 - ieeexplore.ieee.org
Recent advances in fuzz testing have introduced several forms of feedback mechanisms,
motivated by the fact that for a large range of programs and libraries, edge coverage alone is …

Turning programs against each other: high coverage fuzz-testing using binary-code mutation and dynamic slicing

U Kargén, N Shahmehri - Proceedings of the 2015 10th Joint Meeting on …, 2015 - dl.acm.org
Mutation-based fuzzing is a popular and widely employed black-box testing technique for
finding security and robustness bugs in software. It owes much of its success to its simplicity; …

SeededFuzz: Selecting and generating seeds for directed fuzzing

W Wang, H Sun, Q Zeng - 2016 10th International Symposium …, 2016 - ieeexplore.ieee.org
As an improvement on traditional random fuzzing, directed fuzzing utilizes dynamic taint
analysis to locate regions of seed inputs which can influence security-sensitive program …

TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection

T Wang, T Wei, G Gu, W Zou - 2010 IEEE Symposium on …, 2010 - ieeexplore.ieee.org
Fuzz testing has proven successful in finding security vulnerabilities in large programs.
However, traditional fuzz testing tools have a well-known common drawback: they are …