A Usability Evaluation of AFL and libFuzzer with CS Students

preview_player
Показать описание
A Usability Evaluation of AFL and libFuzzer with CS Students
Stephan Plöger, Mischa Meier, Matthew Smith

CHI 2023: The ACM CHI Conference on Human Factors in Computing Systems
Session: Digital Safety

In top-tier companies and academia, fuzzing has established itself as a valuable tool for finding bugs.
It is a tool created by experts for experts, and a lot of research is being invested into improving the power of fuzzing.
However, the usability of fuzzing has not received much attention yet.
To alleviate this, we evaluated the usability of two popular fuzzers: AFL and libFuzzer.
In our fuzzing study, 47 computer science students each worked up to 20 hours in total.
We found significant usability challenges for both fuzzers leading to only 17 participants who were able to finish all tasks.
Even the successful participants struggled with some of the necessary steps and found them complex and confusing.
While on the whole, AFL fared better than libFuzzer, both fuzzers have strengths and weaknesses and can be improved based on our results.

Pre-recorded presentation videos for papers at CHI 2023
  1. ACM SIGCHI
  2. CHI 2023
  3. SIGCHI
Рекомендации по теме
A Usability Evaluation 0:08:37

A Usability Evaluation of AFL and libFuzzer with CS Students

SOUPS 2021 - 0:04:57

SOUPS 2021 - A Qualitative Usability Evaluation of the Clang Static Analyzer and libFuzzer with CS

Fuzzing Embedded (Trusted) 0:57:41

Fuzzing Embedded (Trusted) Operating Systems Using AFL | Martijn Bogaard | nullcon Goa 2019

WOOT '20 - 0:20:14

WOOT '20 - AFL++ : Combining Incremental Steps of Fuzzing Research

Libfuzzer- fuzzing libxml2 0:02:58

Libfuzzer- fuzzing libxml2

Overview about Formative 0:08:45

Overview about Formative Assessment

USENIX Security '21 0:11:17

USENIX Security '21 - UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating

Formative and Summative 0:01:34

Formative and Summative Assessment

6B 2 Magma 0:13:02

6B 2 Magma A Ground Truth Fuzzing Benchmark

Formative and Summative 0:03:04

Formative and Summative Assessment

HOPE 2020 (2020): 0:47:07

HOPE 2020 (2020): On Computational Law: Why the History of Computing Could Be the Future of Law

Matthew Smith: Usability 0:30:08

Matthew Smith: Usability Issues of Modern Fuzzers @FuzzCon Europe 2020

UX Evaluation Method 0:04:17

UX Evaluation Method Part 2: Method

NDSS 2023 - 0:19:41

NDSS 2023 - DARWIN: Survival of the Fittest Fuzzing Mutators

Summative Assessment 0:07:05

Summative Assessment

NDSS 2021 BAR 0:21:02

NDSS 2021 BAR - icLibFuzzer: Isolated-context libFuzzer for Improving Fuzzer Comparability

1 inch Videotape 0:00:39

1 inch Videotape Cleaning & Evaluation (Prior to Digitisation)

SoK: (State of) 0:18:32

SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis

L3 BTEC Sport 0:03:10

L3 BTEC Sport Unit 22: Tackling The Assessment

A Dozen Years 0:57:28

A Dozen Years of Shellphish

Panel Discussion: The 0:51:38

Panel Discussion: The Quantification of Digital User Experience

Why Change and 0:02:49

Why Change and Why Focus on Formative Assessment?

Finding Heartbleed bug 0:10:33

Finding Heartbleed bug with libFuzzer and integrating it to GitLab coverage guided fuzzing feature.

USENIX Security '21 0:12:00

USENIX Security '21 - Constraint-guided Directed Greybox Fuzzing