Home > Research > Publications & Outputs > MemFuzz

Links

Text available via DOI:

View graph of relations

MemFuzz: Using memory accesses to guide fuzzing

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
Close
Publication date24/04/2019
Host publication2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST)
PublisherIEEE
Pages48-58
Number of pages11
ISBN (electronic)9781728117362
<mark>Original language</mark>English

Abstract

Fuzzing is a form of random testing that is widely used for finding bugs and vulnerabilities. State of the art approaches commonly leverage information about the control flow of prior executions of the program under test to decide which inputs to mutate further. By relying solely on control flow information to characterize executions, such approaches may miss relevant differences. We propose augmenting evolutionary fuzzing by additionally leveraging information about memory accesses performed by the target program. The resulting approach can leverage more sophisticated information about the execution of the target program, enhancing the effectiveness of the evolutionary fuzzing. We implement our approach as a modification of the widely used AFL fuzzer and evaluate our implementation on three widely used target applications. We find distinct crashes from those detected by AFL for all three targets in our evaluation.