Home > Research > Publications & Outputs > MemFuzz

Links

Text available via DOI:

View graph of relations

MemFuzz: Using memory accesses to guide fuzzing

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

MemFuzz : Using memory accesses to guide fuzzing. / Coppik, N.; Schwahn, O.; Suri, Neeraj.

2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST). IEEE, 2019. p. 48-58.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Coppik, N, Schwahn, O & Suri, N 2019, MemFuzz: Using memory accesses to guide fuzzing. in 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST). IEEE, pp. 48-58. https://doi.org/10.1109/ICST.2019.00015

APA

Coppik, N., Schwahn, O., & Suri, N. (2019). MemFuzz: Using memory accesses to guide fuzzing. In 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST) (pp. 48-58). IEEE. https://doi.org/10.1109/ICST.2019.00015

Vancouver

Coppik N, Schwahn O, Suri N. MemFuzz: Using memory accesses to guide fuzzing. In 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST). IEEE. 2019. p. 48-58 https://doi.org/10.1109/ICST.2019.00015

Author

Coppik, N. ; Schwahn, O. ; Suri, Neeraj. / MemFuzz : Using memory accesses to guide fuzzing. 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST). IEEE, 2019. pp. 48-58

Bibtex

@inproceedings{e91b969bbdb84e169c7a6b8a4211493c,
title = "MemFuzz: Using memory accesses to guide fuzzing",
abstract = "Fuzzing is a form of random testing that is widely used for finding bugs and vulnerabilities. State of the art approaches commonly leverage information about the control flow of prior executions of the program under test to decide which inputs to mutate further. By relying solely on control flow information to characterize executions, such approaches may miss relevant differences. We propose augmenting evolutionary fuzzing by additionally leveraging information about memory accesses performed by the target program. The resulting approach can leverage more sophisticated information about the execution of the target program, enhancing the effectiveness of the evolutionary fuzzing. We implement our approach as a modification of the widely used AFL fuzzer and evaluate our implementation on three widely used target applications. We find distinct crashes from those detected by AFL for all three targets in our evaluation.",
keywords = "Fuzzing, Software Testing, Verification, Control flows, Memory access, Random testing, State-of-the-art approach, Target application, Software testing",
author = "N. Coppik and O. Schwahn and Neeraj Suri",
year = "2019",
month = apr,
day = "24",
doi = "10.1109/ICST.2019.00015",
language = "English",
pages = "48--58",
booktitle = "2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST)",
publisher = "IEEE",

}

RIS

TY - GEN

T1 - MemFuzz

T2 - Using memory accesses to guide fuzzing

AU - Coppik, N.

AU - Schwahn, O.

AU - Suri, Neeraj

PY - 2019/4/24

Y1 - 2019/4/24

N2 - Fuzzing is a form of random testing that is widely used for finding bugs and vulnerabilities. State of the art approaches commonly leverage information about the control flow of prior executions of the program under test to decide which inputs to mutate further. By relying solely on control flow information to characterize executions, such approaches may miss relevant differences. We propose augmenting evolutionary fuzzing by additionally leveraging information about memory accesses performed by the target program. The resulting approach can leverage more sophisticated information about the execution of the target program, enhancing the effectiveness of the evolutionary fuzzing. We implement our approach as a modification of the widely used AFL fuzzer and evaluate our implementation on three widely used target applications. We find distinct crashes from those detected by AFL for all three targets in our evaluation.

AB - Fuzzing is a form of random testing that is widely used for finding bugs and vulnerabilities. State of the art approaches commonly leverage information about the control flow of prior executions of the program under test to decide which inputs to mutate further. By relying solely on control flow information to characterize executions, such approaches may miss relevant differences. We propose augmenting evolutionary fuzzing by additionally leveraging information about memory accesses performed by the target program. The resulting approach can leverage more sophisticated information about the execution of the target program, enhancing the effectiveness of the evolutionary fuzzing. We implement our approach as a modification of the widely used AFL fuzzer and evaluate our implementation on three widely used target applications. We find distinct crashes from those detected by AFL for all three targets in our evaluation.

KW - Fuzzing

KW - Software Testing

KW - Verification

KW - Control flows

KW - Memory access

KW - Random testing

KW - State-of-the-art approach

KW - Target application

KW - Software testing

U2 - 10.1109/ICST.2019.00015

DO - 10.1109/ICST.2019.00015

M3 - Conference contribution/Paper

SP - 48

EP - 58

BT - 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST)

PB - IEEE

ER -