Distributed evolutionary fuzzing with Evofuzz
نویسنده
چکیده
This paper describes the design of a tool (called Evofuzz) that implements the technique of evolutionary (or coverage-guided) fuzzing in a scalable, distributed manner. The architecture, design-choices and implementation specifics of this tool are examined, explained and criticized. After outlining possible improvements and future work that is not yet completed, the paper finishes by presenting the results from fuzzing real-world programs and explains how to recreate them using the provided tool.
منابع مشابه
Fuzzing: The State of the Art)
Fuzzing is an approach to software testing where the system being tested is bombarded with test cases generated by another program. The system is then monitored for any flaws exposed by the processing of this input. While the fundamental principles of fuzzing have not changed since the term was first coined, the complexity of the mechanisms used to drive the fuzzing process have undergone signi...
متن کاملVUzzer: Application-aware Evolutionary Fuzzing
Fuzzing is an effective software testing technique to find bugs. Given the size and complexity of real-world applications, modern fuzzers tend to be either scalable, but not effective in exploring bugs that lie deeper in the execution, or capable of penetrating deeper in the application, but not scalable. In this paper, we present an application-aware evolutionary fuzzing strategy that does not...
متن کاملH-Fuzzing: A New Heuristic Method for Fuzzing Data Generation
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments ...
متن کاملThe future of grey-box fuzzing
Society are becoming more dependent on software, and more artifacts are being connected to the Internet each day[31]. This makes the work of tracking down vulnerabilities in software a moral obligation for software developers. Since manual testing is expensive[7], automated bug finding techniques are attractive within the quality assurance field, since it can save companies a lot of money. This...
متن کاملSTAB Fuzzing: A Study of Android’s Binder IPC and Linux/Android Fuzzing
This paper focuses on describing the necessary background to begin working with Binder: Android’s Interprocess Communication (IPC) mechanism, and Linux/Android system call (“syscall”) fuzzing tools. The objective was to study Android and Binder along with system call fuzzing in order to learn more about Android, Binder IPC, and vulnerability detection and analysis. Our study was further concent...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016