Litcius/Paper detail

Efficient Greybox Fuzzing to Detect Memory Errors

Jinsheng Ba, Gregory J. Duck, Abhik Roychoudhury

202213 citationsDOIOpen Access PDF

Abstract

Greybox fuzzing is a proven and effective testing method for the detection of security vulnerabilities and other bugs in modern software systems. Greybox fuzzing can also be used in combination with a sanitizer, such as AddressSanitizer (ASAN), to further enhance the detection of certain classes of bugs such as buffer overflow and use-after-free errors. However, sanitizers also introduce additional performance overheads, and this can degrade the performance of greybox mode fuzzing—measured in the order of 2.36 × for fuzzing with ASAN—partially negating the benefit of using a sanitizer in the first place. Recent research attributes the extra overhead to program startup/teardown costs that can dominate fork-mode fuzzing.

Topics & Concepts

Fuzz testingComputer scienceOverhead (engineering)Software bugBuffer overflowComputer securityEmbedded systemSoftwareOperating systemSoftware Testing and Debugging TechniquesRadiation Effects in ElectronicsSecurity and Verification in Computing