A directed greybox fuzzing tool for continuous integration

Cited by: 0
Authors
Lan, Wenwei [1, 4]
Zhang, Jiaming [2]
Yang, Huiwen [3]
Cui, Zhanqi [1, 4]
Affiliations
[1] Beijing Informat Sci & Technol Univ, Sch Comp Sci, Beijing, Peoples R China
[2] Univ Sci & Technol Beijing, Sch Comp & Commun Engn, Beijing, Peoples R China
[3] Nanjing Univ Aeronaut & Astronaut, Coll Comp Sci & Technol, Nanjing, Peoples R China
[4] Nanjing Univ Aeronaut & Astronaut, Minist Ind & Informat, Key Lab Safety Crit Software, Nanjing, Peoples R China
Keywords
Continuous integration; Taint analysis; Fuzz testing; Change analysis;
DOI
10.1016/j.softx.2024.101824
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Changes occur frequently during continuous integration. Existing testing methods often suffer from weak specificity or insufficiency when applied to continuous integration. To solve this problem, we implement a fuzzing tool called CIDFuzz for continuous integration. First, difference analysis is performed to locate the change points, and the distances between basic blocks and the change points are calculated. Then, the distances are instrumented into the program under test. During fuzz testing, testing resources are allocated according to the coverage of seeds to test the change points effectively.
Pages: 6
Related papers
14 in total
  • [1] Directed Greybox Fuzzing
    Bohme, Marcel
    Van-Thuan Pham
    Manh-Dung Nguyen
    Roychoudhury, Abhik
    [J]. CCS'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2017, : 2329 - 2344
  • [2] TargetFuzz: Using DARTs to Guide Directed Greybox Fuzzers
    Canakci, Sadullah
    Matyunin, Nikolay
    Graffi, Kalman
    Joshi, Ajay
    Egele, Manuel
    [J]. ASIA CCS'22: PROCEEDINGS OF THE 2022 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2022, : 561 - 573
  • [3] Hawkeye: Towards a Desired Directed Grey-box Fuzzer
    Chen, Hongxu
    Xue, Yinxing
    Li, Yuekang
    Chen, Bihuan
    Xie, Xiaofei
    Wu, Xiuheng
    Liu, Yang
    [J]. PROCEEDINGS OF THE 2018 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'18), 2018, : 2095 - 2108
  • [4] Duvall Paul M, 2007, Continuous Integration: Improving Software Quality and Reducing Risk
  • [5] Scalable Fuzzing of Program Binaries with E9AFL
    Gao, Xiang
    Duck, Gregory J.
    Roychoudhury, Abhik
    [J]. 2021 36TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING ASE 2021, 2021, : 1247 - 1251
  • [6] Lyu C., 2022, 29 ANN NETW DISTR SY
  • [7] Semantic Fuzzing with Zest
    Padhye, Rohan
    Lemieux, Caroline
    Sen, Koushik
    Papadakis, Mike
    Le Traon, Yves
    [J]. PROCEEDINGS OF THE 28TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS (ISSTA '19), 2019, : 329 - 340
  • [8] WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs
    Valenza, Andrea
    Demetrio, Luca
    Costa, Gabriele
    Lagorio, Giovanni
    [J]. SOFTWAREX, 2020, 11
  • [9] CrossFuzz: Cross-contract fuzzing for smart contract vulnerability detection
    Yang, Huiwen
    Gu, Xiguo
    Chen, Xiang
    Zheng, Liwei
    Cui, Zhanqi
    [J]. SCIENCE OF COMPUTER PROGRAMMING, 2024, 234
  • [10] A systematic study of reward for reinforcement learning based continuous integration testing
    Yang, Yang
    Li, Zheng
    He, Liuliu
    Zhao, Ruilian
    [J]. JOURNAL OF SYSTEMS AND SOFTWARE, 2020, 170