filmov
tv
NDSS 2023 - DARWIN: Survival of the Fittest Fuzzing Mutators
Показать описание
SESSION 3A-3 - DARWIN: Survival of the Fittest Fuzzing Mutators
Fuzzing is an automated software testing technique broadly adopted by the industry.
A popular variant is mutation-based fuzzing, which discovers a large number of bugs in practice.
While the research community has studied mutation-based fuzzing for years now, the algorithms' interactions within the fuzzer are highly complex and can, together with the randomness in every instance of a fuzzer, lead to unpredictable effects.
Most efforts to improve this fragile interaction focused on optimizing seed scheduling.
However, real-world results like Google's FuzzBench highlight that these approaches do not consistently show improvements in practice.
Another approach to improve the fuzzing process algorithmically is optimizing mutation scheduling.
Unfortunately, existing mutation scheduling approaches also failed to convince because of missing real-world improvements or too many user-controlled parameters whose configuration requires expert knowledge about the target program.
This leaves the challenging problem of cleverly processing test cases and achieving a measurable improvement unsolved.
PAPER
AUTHORS
Patrick Jauernig (Technical University of Darmstadt), Domagoj Jakobovic (University of Zagreb, Croatia), Stjepan Picek (Radboud University and TU Delft), Emmanuel Stapf (Technical University of Darmstadt), Ahmad-Reza Sadeghi (Technical University of Darmstadt)
Network and Distributed System Security (NDSS) Symposium 2023, 27 February – 3 March 2023 in San Diego, California.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
#NDSS #NDSS23 #NDSS2023 #InternetSecurity #fuzzing
Fuzzing is an automated software testing technique broadly adopted by the industry.
A popular variant is mutation-based fuzzing, which discovers a large number of bugs in practice.
While the research community has studied mutation-based fuzzing for years now, the algorithms' interactions within the fuzzer are highly complex and can, together with the randomness in every instance of a fuzzer, lead to unpredictable effects.
Most efforts to improve this fragile interaction focused on optimizing seed scheduling.
However, real-world results like Google's FuzzBench highlight that these approaches do not consistently show improvements in practice.
Another approach to improve the fuzzing process algorithmically is optimizing mutation scheduling.
Unfortunately, existing mutation scheduling approaches also failed to convince because of missing real-world improvements or too many user-controlled parameters whose configuration requires expert knowledge about the target program.
This leaves the challenging problem of cleverly processing test cases and achieving a measurable improvement unsolved.
PAPER
AUTHORS
Patrick Jauernig (Technical University of Darmstadt), Domagoj Jakobovic (University of Zagreb, Croatia), Stjepan Picek (Radboud University and TU Delft), Emmanuel Stapf (Technical University of Darmstadt), Ahmad-Reza Sadeghi (Technical University of Darmstadt)
Network and Distributed System Security (NDSS) Symposium 2023, 27 February – 3 March 2023 in San Diego, California.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
#NDSS #NDSS23 #NDSS2023 #InternetSecurity #fuzzing
0:19:41
0:17:59