The Art, Science, and Engineering of Fuzzing: A Survey

Cited by: 307
Authors
Manes, Valentin J. M. [1 ]
Han, HyungSeok [2 ]
Han, Choongwoo [4 ]
Cha, Sang Kil [3 ]
Egele, Manuel [5 ]
Schwartz, Edward J. [6 ]
Woo, Maverick [7 ]
Affiliations
[1] KAIST Cyber Secur Res Ctr, Daejeon, South Korea
[2] Korea Adv Inst Sci & Technol, Daejeon, South Korea
[3] Korea Adv Inst Sci & Technol, Comp Sci, Daejeon, South Korea
[4] Naver Corp, Daejeon, South Korea
[5] Boston Univ, Boston, MA 02215 USA
[6] Carnegie Mellon Univ, Inst Software Engn, Pittsburgh, PA 15213 USA
[7] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA
Keywords
Fuzzing; Security; Computer bugs; Terminology; Software security; automated software testing; fuzzing; fuzz testing; GENERATION
DOI
10.1109/TSE.2019.2946563
Chinese Library Classification (CLC) number
TP31 [Computer Software]
Discipline classification code
081202 ; 0835 ;
Abstract
Among the many software testing techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-world software vulnerabilities. At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed. While researchers and practitioners alike have invested a large and diverse effort towards improving fuzzing in recent years, this surge of work has also made it difficult to gain a comprehensive and coherent view of fuzzing. To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature. We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective.
Pages: 2312 / 2331
Page count: 20
Related papers
247 in total