the art science and engineering of fuzzing a survey
play

The Art, Science, and Engineering of Fuzzing: A Survey Valentin - PowerPoint PPT Presentation

Jul 19, 2023 •333 likes •516 views

The Art, Science, and Engineering of Fuzzing: A Survey Valentin J.M. Mans, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo A Complex Field 2 Fuzzing: Potential Definitions Some say:

  1. The Art, Science, and Engineering of Fuzzing: A Survey Valentin J.M. Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo

  2. A Complex Field 2

  3. Fuzzing: Potential Definitions • Some say: “Fuzzers are tools to make crashes.” è What kind of crash? è PerfFuzz 1 just looks for “algorithmic complexity vulnerabilities”. • Some say: “Fuzzers create inputs, either by mutating seeds (e.g. zzuf ), or based on models , like grammars (e.g. Peach ).” è Random Testing may not use any seed. è Concolic execution use neither. 1 C. Lemieux, R. Padhye, K. Sen, and D. Song, “PerfFuzz: Automatically generating pathological inputs,” in Proceedings of the 3 International Symposium on Software Testing and Analysis , 2018, pp. 254–265.

  4. Common Pitfalls A definition should: • Not be goal oriented . è Fuzzers are tools: there goal is defined by the user. • Not be method oriented . è The field has shown too much diversity. 4

  5. Fuzzing: What it is? Fuzzing refers to a process of repeatedly running a program with generated inputs to test if a program violates a correctness policy.* 5 * This is a simplified version of the definition in the paper.

  6. Fuzzers: How to Model Them? Fuzzer test cases ② ① InputGen InputEval ③ execinfos PreProcess Schedule ConfUpdate 6

  7. Survey Methodology • We surveyed the field for 10+ years: v Major Github repositories v Major conferences (Security & Software Engineering) • Let’s look at two examples: zzuf , AFL 7

  8. Example Fuzzer zzuf Simple Execution Seed bit flip test cases InputGen InputEval execinfos PreProcess Schedule ConfUpdate 8

  9. Example Instrumented Execution Fuzzer AFL Mutation operations test cases InputGen InputEval Instrumentation execinfos PreProcess Coverage-based Fitness Function Round Robin++ Schedule ConfUpdate 9

  10. Genealogy 10

  11. Companion Website: fuzzing-survey.org 11

  12. AFL: A Grey-box Hub 12

  13. Black-box Hubs BFF LangFuzz 13

  14. Grey-box Outliers Sidewinder CalFuzzer 14

  15. Companion Website: fuzzing-survey.org Make a PR to add fuzzers J github.com/SoftSec-KAIST/Fuzzing-Survey 15

  16. Share your fuzzer! Sharable links: fuzzing-survey.org/?k=Ankou 16

  17. Question? 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

through Coverage-guided Tracing Stefan Nagy Matthew Hicks snagy2@vt.edu mdhicks2@vt.edu

through Coverage-guided Tracing Stefan Nagy Matthew Hicks snagy2@vt.edu mdhicks2@vt.edu

Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing Stefan Nagy Matthew Hicks snagy2@vt.edu mdhicks2@vt.edu COMPUTER SCIENCE 1 Fuzzing 2 COMPUTER SCIENCE An Overview of Fuzzing Time-tested technique AFL,

572 views • 28 slides
FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr.

FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr.

MASTER SEMINAR WS16/17 PROF. DR. ALEXANDER PRETSCHNER SAAHIL OGNAWALA FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr. Alexander Pretschner Head of Chair XXII Software Engineering @TUM since

489 views • 21 slides
Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering

Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering

Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering autom ated reverse engineering Erik Poll Erik Poll Radboud University Nijmegen Testing Ingredients T ti I di t Two things are needed to test

865 views • 53 slides
Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me Motivation Introduction of fuzzing and afl fuzzer Necessary changes to the core and configuration Testing setup Example SIP messages and

1.03k views • 35 slides
Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is

Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is

Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is fuzzing/fuzz testing? Why AFL? How does it work with GNAT Pro/Ada? Premise: Fuzz Testing Definition: Stable Software Software that is highly

649 views • 16 slides
Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101 Agenda GEEKZONE Overview of fuzzing techniques Tutorials on specific open-source fuzzers Demonstrations DIY fuzzing! Who

825 views • 50 slides
2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid

2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid

From Blackbox Fuzzing to Whitebox Fuzzing towards Verification 2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid Microsoft Research ISSTA2010 Page 1 July 2010 Acknowledgments Joint work with:

633 views • 38 slides
Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico

Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico

Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico Politecnico di Milano October 25, 2018 1 Index Coverage-guided fuzzing An overview of rev.ng Experimental results 2 Fuzzing 3 Fuzzing 1 Generate

1.36k views • 72 slides
Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange

Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange

Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange Division R&D firstname dot lastname at orange-ftgroup dot com research & development Forewords Wi-Fi Fuzzing/BlackHat EU 2007/Laurent Butti p

1.05k views • 78 slides
Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing

Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing

Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing what is fuzzing, why fuzz, fuzzing types How to fuzz fuzz target, fuzzing engine, libFuzzer Media processing as a target

551 views • 19 slides
T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1 2 Fuzzing as a bug finding approach Fuzzing is highly effective in finding bugs (CVEs) Developers use it as proactive defense measure:

844 views • 32 slides
Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction

Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction

Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction Fuzzing Media Content in Android Data Generation Fuzzing the Stagefright Framework Logging & Triage Mechanisms 2 Introduction Fuzzing

1.12k views • 38 slides
NEUZZ: Efficient Fuzzing with Neural Program Smoothing Dongdong She, Kexin Pei, Dave Epstein,

NEUZZ: Efficient Fuzzing with Neural Program Smoothing Dongdong She, Kexin Pei, Dave Epstein,

NEUZZ: Efficient Fuzzing with Neural Program Smoothing Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, and Suman Jana Columbia University 1 Fuzzing: a popular way to uncover bugs [Liang et al. 2019] 2 Evolutionary Fuzzing

1.02k views • 26 slides
ParmeSan: Sanitizer-guided Greybox Fuzzing USENIX 2020 *some pages borrowed from Zheyu Ma

ParmeSan: Sanitizer-guided Greybox Fuzzing USENIX 2020 *some pages borrowed from Zheyu Ma

ParmeSan: Sanitizer-guided Greybox Fuzzing USENIX 2020 *some pages borrowed from Zheyu Ma background What is fuzzing: feed random inputs to trigger as many crashes and hangs as possible What is state-of-the-art of fuzzing research:

494 views • 18 slides
FUZZIFICATION : Anti-Fuzzing Techniques Jinho Jung , Hong Hu, David Solodukhin, Daniel Pagan, Kyu

FUZZIFICATION : Anti-Fuzzing Techniques Jinho Jung , Hong Hu, David Solodukhin, Daniel Pagan, Kyu

FUZZIFICATION : Anti-Fuzzing Techniques Jinho Jung , Hong Hu, David Solodukhin, Daniel Pagan, Kyu Hyung Lee*, Taesoo Kim * 1 Fuzzing Discovers Many Vulnerabilities 2 Fuzzing Discovers Many Vulnerabilities 3 Testers Find Bugs with Fuzzing

1.13k views • 65 slides
through Fuzzing Dae R. Jeong Kyungtae Kim Basavesh Shivakumar Byoungyoung Lee

through Fuzzing Dae R. Jeong Kyungtae Kim Basavesh Shivakumar Byoungyoung Lee

Razzer: Finding Kernel Race Bugs through Fuzzing Dae R. Jeong Kyungtae Kim Basavesh Shivakumar Byoungyoung Lee Insik Shin Korea Advanced Institute of Science and Technology Seoul National University Purdue

1.17k views • 47 slides
Data structures Exercise session Week 2 I. Sorting Sorting by Insertion |4 6 8 2 9 5 1 7 3

Data structures Exercise session Week 2 I. Sorting Sorting by Insertion |4 6 8 2 9 5 1 7 3

Data structures Exercise session Week 2 I. Sorting Sorting by Insertion |4 6 8 2 9 5 1 7 3 4 |6 8 2 9 5 1 7 3 4 6 |8 2 9 5 1 7 3 4 6 8 |2 9 5 1 7 3 2 4 6 8 |9 5 1 7 3 2 4 6 8 9 |5 1 7 3 2 4 5 6 8 9 |1 7 3 1 2 4 5 6 8 9 |7 3 1 2 4 5 6

642 views • 18 slides
So)ware Security: Vulnerability Analysis Dawn Song Finding

So)ware Security: Vulnerability Analysis Dawn Song Finding

Computer Security Course. Dawn

539 views • 32 slides
MichaelEddington Agenda Introduction Whyarewefuzzing?

MichaelEddington Agenda Introduction Whyarewefuzzing?

MichaelEddington Agenda Introduction Whyarewefuzzing? Typesofexistingfuzzers Fuzzing,process AdoptionRisks Fuzzingcosts Pullingitalltogether

671 views • 50 slides
Fuzzing Tools Jenny Kang High-level overview A pretty slide deck that does a good job of

Fuzzing Tools Jenny Kang High-level overview A pretty slide deck that does a good job of

Fuzzing Tools Jenny Kang High-level overview A pretty slide deck that does a good job of explaining browser fuzzing approaches on a high level Another slide deck on DOM fuzzing Peach (Windows version) PeachPit is an XML file

741 views • 36 slides
Semantics and First-Order Predicate Calculus 11-711 Algorithms for NLP 17 October 2019 (With

Semantics and First-Order Predicate Calculus 11-711 Algorithms for NLP 17 October 2019 (With

Semantics and First-Order Predicate Calculus 11-711 Algorithms for NLP 17 October 2019 (With thanks to Noah Smith) Key Challenge of Meaning We actually say very little - much more is left unsaid, because its assumed to be widely known.

771 views • 53 slides
Quarterly Virtual Meeting #2 Apr. 20, 2018 Todays Agenda Welcome and Overview TOPIC:

Quarterly Virtual Meeting #2 Apr. 20, 2018 Todays Agenda Welcome and Overview TOPIC:

Readmissions Stakeholder Quarterly Virtual Meeting #2 Apr. 20, 2018 Todays Agenda Welcome and Overview TOPIC: Innovative Partnerships to Improve Care Transitions Guest speaker: Ken Peach, Executive Director of Health Council of

542 views • 18 slides
ISSEP 2010 15 January 2010, 13:4014:00 Tom Verhoeff Eindhoven University of Technology

ISSEP 2010 15 January 2010, 13:4014:00 Tom Verhoeff Eindhoven University of Technology

Algorithmic Adventures and More Presented at ISSEP 2010 15 January 2010, 13:4014:00 Tom Verhoeff Eindhoven University of Technology Department of Mathematics & Computer Science Software Engineering & Techology Group The

349 views • 7 slides
Public Service Enterprise Group PSEG Earnings Conference Call 2 nd Quarter 2016 July 29, 2016

Public Service Enterprise Group PSEG Earnings Conference Call 2 nd Quarter 2016 July 29, 2016

Public Service Enterprise Group PSEG Earnings Conference Call 2 nd Quarter 2016 July 29, 2016 Forward-Looking Statements Certain of the matters discussed in this report about our and our subsidiaries' future performance, including, without

557 views • 34 slides

More recommend