Model-based whitebox fuzzing for program binaries

  title={Model-based whitebox fuzzing for program binaries},
  author={Van-Thuan Pham and Marcel B{\"o}hme and Abhik Roychoudhury},
  journal={2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE)},
  • Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury
  • Published 2016
  • Computer Science
  • 2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • Many real-world programs take highly structured and complex files as inputs. The automated testing of such programs is non-trivial. If the test does not adhere to a specific file format, the program returns a parser error. For symbolic execution-based whitebox fuzzing the corresponding error handling code becomes a significant time sink. Too much time is spent in the parser exploring too many paths leading to trivial parser errors. Naturally, the time is better spent exploring the functional… CONTINUE READING
    62 Citations

    Figures, Tables, and Topics from this paper

    Steelix: program-state based binary fuzzing
    • 134
    • PDF
    NAUTILUS: Fishing for Deep Bugs with Grammars
    • 40
    • PDF
    InsFuzz: Fuzzing Binaries With Location Sensitivity
    • 3
    • PDF
    Skyfire: Data-Driven Seed Generation for Fuzzing
    • 145
    • PDF
    pbSE: Phase-Based Symbolic Execution
    • Qixue Xiao, Yu Chen, +4 authors Y. Shi
    • Computer Science
    • 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
    • 2017
    • 1
    Smart Greybox Fuzzing
    • 41
    • PDF
    Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual Machine
    • PDF
    Perspectives on search strategies in automated test input generation
    • Highly Influenced


    Automated Whitebox Fuzz Testing
    • 1,083
    • Highly Influential
    • PDF
    Grammar-based whitebox fuzzing
    • 401
    • Highly Influential
    • PDF
    Taint-based directed whitebox fuzzing
    • 279
    • Highly Influential
    • PDF
    TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
    • 273
    • Highly Influential
    • PDF
    An empirical study of the reliability of UNIX utilities
    • 931
    • Highly Influential
    • PDF