Results 191 to 200 of about 283 (220)
Some of the next articles are maybe not open access.

AFLPro: Direction sensitive fuzzing

Journal of Information Security and Applications, 2020
Abstract Fuzzing is a simple and popular technique that has been widely used to detect vulnerabilities in software. However, due to its blind mutation, fuzzing brings many limitations. First, it is difficult for fuzzing to pass the sanity checks, which makes fuzzing unable to target vulnerability or crash locations effectively.
Tiantian Ji   +6 more
openaire   +1 more source

Multiple Targets Directed Greybox Fuzzing

IEEE Transactions on Dependable and Secure Computing
Hongliang Liang
exaly   +2 more sources

Parser-directed fuzzing

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, 2019
To be effective, software test generation needs to well cover the space of possible inputs. Traditional fuzzing generates large numbers of random inputs, which however are unlikely to contain keywords and other specific inputs of non-trivial input languages.
Björn Mathis   +5 more
openaire   +1 more source

Directed Greybox Fuzzing

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017
Existing Greybox Fuzzers (GF) cannot be effectively directed, for instance, towards problematic changes or patches, towards critical system calls or dangerous locations, or towards functions in the stack-trace of a reported vulnerability that we wish to reproduce.
Marcel Böhme   +3 more
openaire   +1 more source

Greyhound: Directed Greybox Wi-Fi Fuzzing

IEEE Transactions on Dependable and Secure Computing, 2022
The recent rise in complex Wi-Fi vulnerabilities indicates the critical need for effective Wi-Fi protocol testing tools. We present a directed fuzzing methodology named GREYHOUND that automatically tests the Wi-Fi client implementations against vulnerabilities like crashes or non-compliant behaviours.
Matheus E. Garbelini   +2 more
openaire   +1 more source

Sequence Coverage Directed Greybox Fuzzing

2019 IEEE/ACM 27th International Conference on Program Comprehension (ICPC), 2019
Existing directed fuzzers are not efficient enough. Directed symbolic-execution-based whitebox fuzzers, e.g. BugRedux, spend lots of time on heavyweight program analysis and constraints solving at runtime. Directed greybox fuzzers, such as AFLGo, perform well at runtime, but considerable calculation during instrumentation phase hinders the overall ...
Hongliang Liang   +4 more
openaire   +1 more source

Directer

Proceedings of the 7th International Conference on Software and Information Engineering, 2018
Fuzzing is a widely used technology to find vulnerabilities, but the current technology is mostly based on coverage and there are relatively few research in the field of directed fuzzing. In this paper, a parallelized testing technique combining directed fuzzing and concolic execution will be proposed.
Xiaobin Song, Zehui Wu, Yunchao Wang
openaire   +1 more source

SimFuzz: Test case similarity directed deep fuzzing

Journal of Systems and Software, 2012
Fuzzing is widely used to detect software vulnerabilities. Blackbox fuzzing does not require program source code. It mutates well-formed inputs to produce new ones. However, these new inputs usually do not exercise deep program semantics since the possibility that they can satisfy the conditions of a deep program state is low.
Dazhi Zhang   +6 more
openaire   +1 more source

Guiding Directed Fuzzing with Feasibility

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2023
Weiheng Bai   +3 more
openaire   +1 more source

Home - About - Disclaimer - Privacy