Targeted Greybox Fuzzing with Static Lookahead Analysis (Technical Papers)
Automatic test generation typically aims to generate inputs that explore new paths in the program under test in order to find bugs. Existing work has, therefore, focused on guiding the exploration toward program parts that are more likely to contain bugs by using an offline static analysis.
In this paper, we introduce a novel technique for targeted greybox fuzzing using an online static analysis that guides the fuzzer toward a set of target locations, for instance, located in recently modified parts of the program. This is achieved by first semantically analyzing each program path that is explored by an input in the fuzzer’s test suite. The results of this analysis are then used to control the fuzzer’s specialized power schedule, which determines how often to fuzz inputs from the test suite. We implemented our technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an online analysis is particularly suitable for the domain of smart contracts since it does not require any code instrumentation—adding instrumentation to contracts changes their semantics. Our experiments show that targeted fuzzing significantly outperforms standard greybox fuzzing for reaching 83% of the challenging target locations (up to 14x of median speed-up).
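As an added illustration of the idea in the abstract (this is not code from the paper or from the fuzzer it extends), the toy below models a program as a control-flow graph over basic-block ids, records for each seed in the test suite the path it exercised, runs a static lookahead that computes the shortest CFG distance from any block on that path to a target block, and turns that distance into the energy a power schedule assigns to the seed. The CFG, the seeds, the target choice and the halving energy formula are all constructed assumptions; the point is only that the distances come from analysing the graph and the recorded paths, not from instrumenting the program.

```python
"""Toy targeted power schedule driven by a static lookahead over a CFG.

Added example, not the paper's implementation. Everything below (the CFG,
the seeds, the target, the energy formula) is constructed for illustration.
"""
from collections import deque

# Constructed toy CFG: basic-block id -> successor block ids.
CFG = {
    "entry": ["check_owner", "reject"],
    "check_owner": ["transfer", "reject"],
    "transfer": ["update_balance"],
    "update_balance": ["exit"],   # assumed recently modified, hence a target
    "reject": ["exit"],
    "exit": [],
}

# Assumed target locations (e.g. recently modified code).
TARGETS = ["update_balance"]

# Constructed test suite: seed name -> block path it was observed to execute.
TEST_SUITE = {
    "seed_a": ["entry", "reject", "exit"],
    "seed_b": ["entry", "check_owner", "reject", "exit"],
    "seed_c": ["entry", "check_owner", "transfer", "update_balance", "exit"],
}


def distances_to_targets(cfg, targets):
    """Reverse BFS from the targets: shortest edge count from each block to
    the nearest target. Blocks that cannot reach any target are absent."""
    reverse = {block: [] for block in cfg}
    for block, succs in cfg.items():
        for succ in succs:
            reverse[succ].append(block)
    dist = {t: 0 for t in targets}
    queue = deque(targets)
    while queue:
        cur = queue.popleft()
        for pred in reverse[cur]:
            if pred not in dist:
                dist[pred] = dist[cur] + 1
                queue.append(pred)
    return dist


def lookahead_distance(path, dist):
    """Static lookahead for one explored path: the smallest distance to a
    target from any block on the path, or None if no block can reach one."""
    reachable = [dist[block] for block in path if block in dist]
    return min(reachable) if reachable else None


def power_schedule(test_suite, cfg, targets, max_energy=100):
    """Assign energy (how often a seed is fuzzed) per seed: halve the energy
    for every edge of distance, give a floor of 1 to seeds that can never
    reach a target. The halving rule is an assumption of this example."""
    dist = distances_to_targets(cfg, targets)
    energies = {}
    for name, path in test_suite.items():
        d = lookahead_distance(path, dist)
        energies[name] = 1 if d is None else max(1, max_energy >> d)
    return energies


if __name__ == "__main__":
    for seed, energy in power_schedule(TEST_SUITE, CFG, TARGETS).items():
        print(f"{seed}: energy {energy}")
```

Seeds whose paths already reach the target get full energy, a seed that stops one branch short gets half, and a seed that only shares the entry block with the target's path is fuzzed far less, which is the ordering a targeted schedule wants.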
Tue 7 Jul (displayed time zone: UTC, Coordinated Universal Time)

07:00 - 08:00 | I2-Security (New Ideas and Emerging Results / Technical Papers) at Goguryeo. Chair(s): Andrea Stocco, Università della Svizzera italiana

| Time | Talk | Track | Authors |
|------|------|-------|---------|
| 07:00 (12m) | Targeted Greybox Fuzzing with Static Lookahead Analysis (pre-print) | Technical Papers | |
| 07:12 (12m) | HyDiff: Hybrid Differential Software Analysis (pre-print) | Technical Papers | Yannic Noller (Humboldt-Universität zu Berlin), Corina S. Pasareanu (Carnegie Mellon University Silicon Valley, NASA Ames Research Center), Marcel Böhme (Monash University), Youcheng Sun (Queen's University Belfast), Hoang Lam Nguyen (Humboldt-Universität zu Berlin), Lars Grunske (Humboldt-Universität zu Berlin) |
| 07:24 (12m) | Towards Characterizing Adversarial Defects of Deep Learning Software from the Lens of Uncertainty (pre-print) | Technical Papers | Xiyue Zhang (Peking University), Xiaofei Xie (Nanyang Technological University), Lei Ma (Kyushu University), Xiaoning Du (Nanyang Technological University), Qiang Hu (Kyushu University, Japan), Yang Liu (Nanyang Technological University, Singapore), Jianjun Zhao (Kyushu University), Meng Sun (Peking University) |
| 07:36 (12m) | One Size Does Not Fit All: A Grounded Theory and Online Survey Study of Developer Preferences for Security Warning Types | Technical Papers | Anastasia Danilova (University of Bonn), Alena Naiakshina (University of Bonn), Matthew Smith (University of Bonn, Fraunhofer FKIE) |
| 07:48 (6m) | Hey, my data are mine! Active data to empower the user | New Ideas and Emerging Results | Gian Luca Scoccia (University of L'Aquila), Matteo Maria Fiore (University of L'Aquila), Patrizio Pelliccione (University of L'Aquila and Chalmers / University of Gothenburg), Marco Autili (University of L'Aquila, Italy), Paola Inverardi (University of L'Aquila), Alejandro Russo (Chalmers University of Technology, Sweden) |
| 07:54 (6m) | Threat modeling: from infancy to maturity (pre-print) | New Ideas and Emerging Results | Koen Yskout (imec-DistriNet, KU Leuven), Thomas Heyman (Toreon), Dimitri Van Landuyt (Katholieke Universiteit Leuven), Laurens Sion (imec-DistriNet, KU Leuven), Kim Wuyts (imec-DistriNet, KU Leuven), Wouter Joosen (Katholieke Universiteit Leuven) |