CrFuzz: fuzzing multi-purpose programs through input validation
Suhwan Song, Chengyu Song, Yeongjin Jang, Byoungyoung Lee
Abstract
Fuzz testing has been proved its effectiveness in discovering software vulnerabilities. Empowered its randomness nature along with a coverage-guiding feature, fuzzing has been identified a vast number of vulnerabilities in real-world programs. This paper begins with an observation that the design of the current state-of-the-art fuzzers is not well suited for a particular (but yet important) set of software programs. Specifically, current fuzzers have limitations in fuzzing programs serving multiple purposes, where each purpose is controlled by extra options.
Topics & Concepts
Fuzz testingComputer scienceSoftware bugSet (abstract data type)SoftwareFeature (linguistics)RandomnessSoftware testingBenchmark (surveying)Software engineeringData miningProgramming languageMathematicsPhilosophyGeographyLinguisticsGeodesyStatisticsSoftware Testing and Debugging TechniquesSoftware Reliability and Analysis ResearchSoftware Engineering Research