Randomly mutating well-formed program inputs or simply fuzzing, is a highly effective and widely used strategy to find bugs in software. Other than showing fuzzers find bugs, there has been little systematic effort in understanding the science of how to fuzz properly. In this paper, we focus on how to mathematically formulate and reason about one critical aspect in fuzzing: how best to pick see...

Résumé Standards in communication enable new test automation techniques for verification of reliability and security. Fuzzing is a negative software testing method that feeds a program, device or system with malformed and unexpected input data in order to find critical crash-level defects. The tests are targeted at remote interfaces, and will focus on finding issues with invalid data elements, ...

Cyber attacks against the web management interface of Internet Things (IoT) devices often have serious consequences. Current research uses fuzzing technologies to test interfaces IoT devices. These fuzzers generate messages (a case sent from client server its functionality) without considering their dependency, which is unlikely bypass early check server. invalid cases significantly reduce effi...

This artifact contains the source code and instructions to reproduce evaluation results of article “Fuzzing Configurations Program Options.” The includes configuration grammars for six target programs, scripts generate stubs, post-process fuzzing results. README steps prepare experimental environment on a clean Ubuntu machine step-by-step commands experiments. A VirtualBox image with ConfigFuzz...

Für die Durchführung effektiver Penetrationstests ist die Identifizierung von Diensten (Services) und Applikationen auf den Zielsystemen, das sogenannte Service-Fingerprinting, von zentraler Bedeutung. Ziel dieses Beitrags ist es, mögliche Verbesserungspotentiale bestehender Fingerprinting-Tools zu beleuchten. Dies soll durch Einsatz von Mutation-Based Fuzzing zwecks einfacher und automatischer...

Abstract SMT solvers are highly complex pieces of software with performance, robustness, and correctness as key requirements. Complementing traditional testing techniques for these randomized stress has been shown to be quite effective. Recent work showcased the value input fuzzing finding issues, but this approach typically does not comprehensively test a solver’s API. Previous on model-based ...

As a result of background work on analysis in embedded Linux OS, the authors created ELF (embedded linux fuzzing) tool that provides functionality for use conventional dynamic tools working with IoT devices. The article discusses full-system symbolic execution systems based kernels, describes how to integrate S2E frameworks into environment, as well possibility applicability resulting toolchain...

High scalability and low running costs have made fuzz testing the de facto standard for discovering software bugs. Fuzzing techniques are constantly being improved in a race to build ultimate bug-finding tool. However, while fuzzing excels at finding bugs wild, evaluating comparing fuzzer performance is challenging due lack of metrics benchmarks. For example, crash count---perhaps most commonly...