- Sponsor: SIGSOFT
It is our great pleasure to welcome you to the 3rd International Workshop on Fuzzing (FUZZING 2024), co-located with ISSTA in Vienna, Austria on 16 September 2024. This workshop continues a two-year series of workshops that introduced a preregistration-based publication process to our community. As in the last two years, this workshop hosts the presentations of the draft registered reports accepted in the first stage of a two-stage publication process. In the first stage, the program committee (PC) evaluates all submissions based on (i) the significance and novelty of the hypotheses or techniques and (ii) the soundness and reproducibility of the methodology specified to validate the claims or hypotheses, but explicitly not on the strength of the (preliminary) results. These draft registered reports are presented and improved at the FUZZING 2024 workshop in Vienna.
Proceeding Downloads
Reasons for the Unreasonable Success of Fuzzing (Keynote)
The hacker culture of my youth (90s) was a very typical male-centric teenage subculture, with norms and value systems that were at odds with broader society. In my particular corner of the culture, the term ‘fuzz-tester’ was used as a derogatory put-down ...
Is “AI” Useful for Fuzzing? (Keynote)
Discussion of AI and its applications to security seems unavoidable nowadays, and, alas, this keynote is no exception. But is it actually useful for problems we care about, like fuzzing? In classic academic fashion I will answer “maybe” at great length, ...
The Havoc Paradox in Generator-Based Fuzzing (Registered Report)
Parametric generators are a simple way to combine coverage-guided and generator-based fuzzing. Parametric generators can be thought of as decoders of an arbitrary byte sequence into a structured input. This allows mutations on the byte sequence to map to ...
Visualization Task Taxonomy to Understand the Fuzzing Internals (Registered Report)
Greybox fuzzing is used extensively in research and practice. There are umpteen improvements proposed in the literature to improve greybox fuzzing. However, to what extent do these improvements affect the internal components (or internals) of a given ...
WebAssembly as a Fuzzing Compilation Target (Registered Report)
By monitoring the execution of the program under test, fuzzers can gather feedback on how different inputs affect the program’s behavior and detect crashes and other abnormal behaviors. To achieve these objectives, fuzzers typically rely on a static ...
Directed or Undirected: Investigating Fuzzing Strategies in a CI/CD Setup (Registered Report)
Fuzzing best practices suggest that fuzzing should be run for at least 24 hours, if not longer. This recommendation makes it hard to integrate fuzzing into CI/CD contexts, to rapidly check a commit for bugs. Existing studies on CI/CD fuzzing simulated a ...
LOOL: Low-Overhead, Optimization-Log-Guided Compiler Fuzzing (Registered Report)
Compiler fuzzing with randomly generated input programs is a powerful technique for finding compiler crashes and miscompilation bugs. Existing fuzzers for compilers are often unguided and must be manually parameterized to cover different parts of the ...
Effective Fuzzing within CI/CD Pipelines (Registered Report)
Deploying fuzzing within CI/CD pipelines can help ensure safe and secure code evolution. Directed greybox fuzzing techniques such as AFLGo are a good match for the CI/CD context. These techniques prioritise inputs based on estimated distances to the ...
Sparse Symbolic Loop Execution (Registered Report)
Dynamic symbolic execution is a powerful program analysis technique but is often limited by the path-explosion problem, particularly in the presence of heavily branching loops. In this paper, we introduce sparse symbolic loop execution (SSLE), a novel ...
Automated Feature Testing of Verilog Parsers using Fuzzing (Registered Report)
In this article we propose a methodology based on fuzzing to test which features are supported by parsers and register an experiment applying this methodology to SystemVerilog-consuming tools. SystemVerilog is a hardware description, specification and ...
Understanding and Improving Coverage Tracking with AFL++ (Registered Report)
Coverage-based fuzzers track which program parts they visit when executing a specific input as a proxy measure to (1) guide the fuzzing process, and (2) explore the PUT's state space. One way to record coverage progress is to enumerate basic block pairs ...
Index Terms
- Proceedings of the 3rd ACM International Fuzzing Workshop