Evaluating Fuzz Testing

@inproceedings{Klees2018EvaluatingFT,
  title={Evaluating Fuzz Testing},
  author={George Klees and Andrew Ruef and Benji Cooper and Shiyi Wei and Michael Hicks},
  booktitle={CCS '18},
  year={2018}
}
Fuzz testing has enjoyed great success at discovering security-critical bugs in real software. Recently, researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are primarily evaluated experimentally, so an important question is: What experimental setup is needed to produce trustworthy results? We surveyed the recent research literature and assessed the experimental evaluations carried out by 32 fuzzing papers. We found problems…

Citations

Publications citing this paper.
SHOWING 1-10 OF 47 CITATIONS

EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers

Yuanliang Chen, Yu Jiang, +5 authors Zhuo Su
  • USENIX Security Symposium
  • 2018
CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

MemLock: Memory Usage Guided Fuzzing

CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

FuzzGen: Automatic Fuzzer Generation

CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing

CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Introducing probabilities within grey-box fuzzing

CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

MOPT: Optimized Mutation Scheduling for Fuzzers

  • USENIX Security Symposium
  • 2019
CITES METHODS
HIGHLY INFLUENCED

MoonLight: Effective Fuzzing with Near-Optimal Corpus Distillation

CITES BACKGROUND
HIGHLY INFLUENCED

Semantic fuzzing with zest

CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

A Feature-Oriented Corpus for Understanding, Evaluating and Improving Fuzz Testing

  • Asia CCS '19
  • 2019
CITES BACKGROUND
HIGHLY INFLUENCED

References

Publications referenced by this paper.
SHOWING 1-10 OF 13 REFERENCES

Angora: Efficient Fuzzing by Principled Search

  • 2018 IEEE Symposium on Security and Privacy (SP)
  • 2018
HIGHLY INFLUENTIAL

VUzzer: Application-aware Evolutionary Fuzzing

  • NDSS
  • 2017
HIGHLY INFLUENTIAL

LAVA: Large-Scale Automated Vulnerability Addition

  • 2016 IEEE Symposium on Security and Privacy (SP)
  • 2016
HIGHLY INFLUENTIAL

AddressSanitizer: A Fast Address Sanity Checker

HIGHLY INFLUENTIAL

A practical guide for using statistical tests to assess randomized algorithms in software engineering

  • 2011 33rd International Conference on Software Engineering (ICSE)
  • 2011
HIGHLY INFLUENTIAL

Steelix: program-state based binary fuzzing

  • ESEC/FSE 2017
  • 2017
HIGHLY INFLUENTIAL