ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
Fri 31 May 2019 11:00 - 11:20 at Duluth - Fuzzing Chair(s): Marcel Böhme

Fuzzing is an important technique to detect software bugs and vulnerabilities. It works by mutating a small set of seed inputs to generate a large number of new inputs. Fuzzers’ performance often substantially degrades when valid seed inputs are not available. Although existing techniques such as symbolic execution can generate seed inputs from scratch, they have various limitations hindering their applications in real-world complex software without source code. In this paper, we propose a novel fuzzing technique that features the capability of generating valid seed inputs. It piggy-backs on AFL to identify input validity checks and the input fields that have an impact on such checks. It further classifies these checks according to their relations to the input. Such classes include arithmetic relation, object offset, data structure length and so on. A multi-goal search algorithm is developed to apply class-specific mutations in order to satisfy inter-dependent checks all together. We evaluate our technique on 20 popular benchmark programs collected from other fuzzing projects and the Google fuzzer test suite, and compare it with existing fuzzers AFL and AFLFast, symbolic execution engines KLEE and S2E, and a hybrid tool Driller that combines fuzzing with symbolic execution. The results show that our technique is highly effective and efficient, outperforming the other tools.

Fri 31 May

Displayed time zone: Eastern Time (US & Canada)

11:00 - 12:30
Fuzzing (Technical Track / Papers) at Duluth
Chair(s): Marcel Böhme (Monash University)

11:00, 20m, Talk
SLF: Fuzzing without Valid Seed Inputs (Technical Track, Industry Program)
Wei You (Purdue University), Xuwei Liu (Zhejiang University), Shiqing Ma (Purdue University, USA), David Mitchel Perry (Purdue University), Xiangyu Zhang (Purdue University), Bin Liang (Renmin University of China, China)

11:20, 20m, Talk
Superion: Grammar-Aware Greybox Fuzzing (Technical Track)
Junjie Wang (Nanyang Technological University), Bihuan Chen (Fudan University), Lei Wei (Nanyang Technological University), Yang Liu (Nanyang Technological University, Singapore)

11:40, 20m, Talk
Grey-box Concolic Testing on Binary Code (Artifacts Available, Technical Track, Industry Program)
Jaeseung Choi (KAIST), Joonun Jang (Samsung Research, Samsung Electronics), Choongwoo Han (NAVER Corporation), Sang Kil Cha (KAIST)

12:00, 20m, Talk
REST-ler: Stateful REST API Fuzzing (Technical Track, Industry Program)
Vaggelis Atlidakis (Columbia University), Patrice Godefroid (Microsoft Research), Marina Polishchuk (Microsoft)

12:20, 10m, Talk
Discussion Period