FinFuzzer: One Step Further in Fuzzing Fintech Systems (ASE 2021 - Industry Showcase)

Write a Blog >>

Sun 14 - Sat 20 November 2021 Australia

Who

Qingshun Wang, Lihua Xu, Jun Xiao, Qi Guo, Haotian Zhang, Liang Dou, Liang He, Tao Xie

Track

ASE 2021 Industry Showcase

Time Zone

The program is currently displayed in (GMT+11:00) Hobart.

Use conference time zone: (GMT+11:00) HobartSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Tue 16 Nov 2021 21:40 - 21:50 at Kangaroo - Fuzzing Applications Chair(s): Thuan Pham

Abstract

Comprehensive testing is of critical importance to ensure the reliability of software systems, especially for mission-critical systems such as FinTech systems. We share in this paper our observations of Ant Group’s status quo in testing their financial services. Specifically, the important influences over system execution path from both external environment settings and input object properties during automated fuzzing test process. To support these observations, we propose FinFuzzer, an automated fuzzing test framework that detects and transfers the corresponding environmental settings into system inputs, prioritizes the input object properties, and mutates system inputs on both environment settings and important object properties. We apply FinFuzzer to 4 projects developed in Ant Group, and the results show that our approach can surpass the state-of-art techniques in terms of test coverage in a much shorter time.

Qingshun Wang

East China Normal University

Lihua Xu

New York University Shanghai

Jun Xiao

Ant Group Co. Ltd.

Qi Guo

Ant Group Co. Ltd.

Haotian Zhang

Ant Group Co. Ltd.

Liang Dou

East China Normal University

Liang He

East China Normal University

Tao Xie

Peking University

China

Time Zone

The program is currently displayed in (GMT+11:00) Hobart.

Use conference time zone: (GMT+11:00) HobartSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Tue 16 Nov
Displayed time zone: Hobart change

21:00 - 22:00	Fuzzing ApplicationsResearch Papers / Industry Showcase / Tool Demonstrations at Kangaroo Chair(s): Thuan Pham The University of Melbourne

21:00 20m Talk		CorbFuzz: Checking Browser Security Policies with Fuzzing Research Papers Chaofan Shou University of California, Santa Barbara, Ismet Burak Kadron University of California at Santa Barbara, Qi Su University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara Pre-print
21:20 20m Talk		SMARTIAN : Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses Research Papers Jaeseung Choi KAIST, Doyeon Kim LINE Plus Corporation, Soomin Kim KAIST, Gustavo Grieco Trail of Bits, Alex Groce Northern Arizona University, Sang Kil Cha KAIST, South Korea
21:40 10m Talk		FinFuzzer: One Step Further in Fuzzing Fintech Systems Industry Showcase Qingshun Wang East China Normal University, Lihua Xu New York University Shanghai, Jun Xiao Ant Group Co. Ltd., Qi Guo Ant Group Co. Ltd., Haotian Zhang Ant Group Co. Ltd., Liang Dou East China Normal University, Liang He East China Normal University, Tao Xie Peking University
21:50 5m Talk		Scalable Fuzzing of Program Binaries with E9AFL Tool Demonstrations Xiang Gao National University of Singapore, Gregory J. Duck National University of Singapore, Abhik Roychoudhury National University of Singapore