Results 191 to 200 of about 283 (220)
Some of the next articles are maybe not open access.
AFLPro: Direction sensitive fuzzing
Journal of Information Security and Applications, 2020Abstract Fuzzing is a simple and popular technique that has been widely used to detect vulnerabilities in software. However, due to its blind mutation, fuzzing brings many limitations. First, it is difficult for fuzzing to pass the sanity checks, which makes fuzzing unable to target vulnerability or crash locations effectively.
Tiantian Ji +6 more
openaire +1 more source
Multiple Targets Directed Greybox Fuzzing
IEEE Transactions on Dependable and Secure ComputingHongliang Liang
exaly +2 more sources
Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, 2019
To be effective, software test generation needs to well cover the space of possible inputs. Traditional fuzzing generates large numbers of random inputs, which however are unlikely to contain keywords and other specific inputs of non-trivial input languages.
Björn Mathis +5 more
openaire +1 more source
To be effective, software test generation needs to well cover the space of possible inputs. Traditional fuzzing generates large numbers of random inputs, which however are unlikely to contain keywords and other specific inputs of non-trivial input languages.
Björn Mathis +5 more
openaire +1 more source
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017
Existing Greybox Fuzzers (GF) cannot be effectively directed, for instance, towards problematic changes or patches, towards critical system calls or dangerous locations, or towards functions in the stack-trace of a reported vulnerability that we wish to reproduce.
Marcel Böhme +3 more
openaire +1 more source
Existing Greybox Fuzzers (GF) cannot be effectively directed, for instance, towards problematic changes or patches, towards critical system calls or dangerous locations, or towards functions in the stack-trace of a reported vulnerability that we wish to reproduce.
Marcel Böhme +3 more
openaire +1 more source
Greyhound: Directed Greybox Wi-Fi Fuzzing
IEEE Transactions on Dependable and Secure Computing, 2022The recent rise in complex Wi-Fi vulnerabilities indicates the critical need for effective Wi-Fi protocol testing tools. We present a directed fuzzing methodology named GREYHOUND that automatically tests the Wi-Fi client implementations against vulnerabilities like crashes or non-compliant behaviours.
Matheus E. Garbelini +2 more
openaire +1 more source
Sequence Coverage Directed Greybox Fuzzing
2019 IEEE/ACM 27th International Conference on Program Comprehension (ICPC), 2019Existing directed fuzzers are not efficient enough. Directed symbolic-execution-based whitebox fuzzers, e.g. BugRedux, spend lots of time on heavyweight program analysis and constraints solving at runtime. Directed greybox fuzzers, such as AFLGo, perform well at runtime, but considerable calculation during instrumentation phase hinders the overall ...
Hongliang Liang +4 more
openaire +1 more source
Proceedings of the 7th International Conference on Software and Information Engineering, 2018
Fuzzing is a widely used technology to find vulnerabilities, but the current technology is mostly based on coverage and there are relatively few research in the field of directed fuzzing. In this paper, a parallelized testing technique combining directed fuzzing and concolic execution will be proposed.
Xiaobin Song, Zehui Wu, Yunchao Wang
openaire +1 more source
Fuzzing is a widely used technology to find vulnerabilities, but the current technology is mostly based on coverage and there are relatively few research in the field of directed fuzzing. In this paper, a parallelized testing technique combining directed fuzzing and concolic execution will be proposed.
Xiaobin Song, Zehui Wu, Yunchao Wang
openaire +1 more source
SimFuzz: Test case similarity directed deep fuzzing
Journal of Systems and Software, 2012Fuzzing is widely used to detect software vulnerabilities. Blackbox fuzzing does not require program source code. It mutates well-formed inputs to produce new ones. However, these new inputs usually do not exercise deep program semantics since the possibility that they can satisfy the conditions of a deep program state is low.
Dazhi Zhang +6 more
openaire +1 more source
Guiding Directed Fuzzing with Feasibility
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2023Weiheng Bai +3 more
openaire +1 more source
RegFuzz: A Linear Regression-Based Approach for Seed Scheduling in Directed Fuzzing
Electronics (Switzerland), 2023Yingpei Zeng
exaly +2 more sources

