Improving Fuzzing with Symbolic Execution

نویسندگان

Andrew Dutcher

Ruoyu Wang

Jacopo Corbetta

چکیده

Fuzzing is a great technique to, for example, discover and reproduce software system vulnerabilities. However, there exist problems with finding test inputs for complex checks (e.g., string equality checks). A recent approach proposes to combine fuzzing techniques with symbolic execution to effectively tackle this problem [1]. The student should examine and discuss the approach given in the paper and compare it with similar existing techniques.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach

Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all paths in the program. Due to the path-explosion problem and dependence on SMT solvers, symbolic execution may also not achieve high path coverage....

متن کامل

An Exploratory Survey of Hybrid Testing Techniques Involving Symbolic Execution and Fuzzing

Recent efforts in practical symbolic execution have successfully mitigated the path-explosion problem to some extent with search-based heuristics and compositional approaches. Similarly, due to an increase in the performance of cheap multi-core commodity computers, fuzzing as a viable method of random mutation-based testing has also seen promise. However, the possibility of combining symbolic e...

متن کامل

Reviewing KLEE's Sonar-Search Strategy in Context of Greybox Fuzzing

Automatic test-case generation techniques of symbolic execution and fuzzing are the most widely used methods to discover vulnerabilities in, both, academia and industry. However, both these methods suffer from fundamental drawbacks that stop them from achieving high path coverage that may, consequently, lead to discovering vulnerabilities at the numerical scale of static analysis. In this prese...

متن کامل

The future of grey-box fuzzing

Society are becoming more dependent on software, and more artifacts are being connected to the Internet each day[31]. This makes the work of tracking down vulnerabilities in software a moral obligation for software developers. Since manual testing is expensive[7], automated bug finding techniques are attractive within the quality assurance field, since it can save companies a lot of money. This...

متن کامل

Driller: Augmenting Fuzzing Through Selective Symbolic Execution

Memory corruption vulnerabilities are an everpresent risk in software, which attackers can exploit to obtain unauthorized access to confidential information. As products with access to sensitive data are becoming more prevalent, the number of potentially exploitable systems is also increasing, resulting in a greater need for automated software vetting tools. DARPA recently funded a competition,...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2017

Improving Fuzzing with Symbolic Execution

نویسندگان

چکیده

منابع مشابه

Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach

An Exploratory Survey of Hybrid Testing Techniques Involving Symbolic Execution and Fuzzing

Reviewing KLEE's Sonar-Search Strategy in Context of Greybox Fuzzing

The future of grey-box fuzzing

Driller: Augmenting Fuzzing Through Selective Symbolic Execution

عنوان ژورنال:

اشتراک گذاری