Tue 11 Oct 2022 14:20 - 14:40 at Banquet B - Technical Session 7 - Fuzzing II Chair(s): Karine Even-Mendoza

Fuzzing has been an important approach for finding bugs and vulnerabilities in programs. Many fuzzers deployed in industry run daily and can generate an overwhelming number of crashes. Diagnosing such crashes can be very challenging and time consuming. Existing fuzzers typically employ heuristics such as code coverage or call stack hashes to weed out duplicate reports of the same bug. While these heuristics are cheap, they are often imprecise and still end up reporting many "unique" crashes that correspond to the same bug. In this paper, we present FuzzerAid, which uses fault signatures to group crashes reported by fuzzers. A fault signature is a small executable program consisting of a selection of the statements from the original program that are necessary to reproduce a bug. In our approach, we first generate a fault signature from a given crash. We then execute the fault signature with the other crash-inducing inputs. If the failure is reproduced, we classify the crash into the group labeled with that fault signature; if not, we generate a new fault signature. After all the crash-inducing inputs are classified, we further merge fault signatures that share the same root cause into a single group. We implemented our approach in a tool called FuzzerAid and evaluated it on 3020 crashes generated from 15 real-world bugs and 4 large open source projects. Our evaluation shows that we correctly group 99.1% of the crashes and report only 17 (+2) "unique" bugs, outperforming the state-of-the-art fuzzers.

Tue 11 Oct

Displayed time zone: Eastern Time (US & Canada)

14:00 - 15:30  Technical Session 7 - Fuzzing II (Research Papers) at Banquet B
Chair(s): Karine Even-Mendoza, Imperial College London

14:00 (20m)  Research paper
So Many Fuzzers, So Little Time - Experience from Evaluating Fuzzers on the Contiki-NG Network (Hay)Stack  [Virtual]
Clement Poncelet (Uppsala University), Konstantinos (Kostis) Sagonas (Uppsala University and Nat. Tech. Univ. of Athens), Nicolas Tsiftes (RISE Research Institutes of Sweden)

14:20 (20m)  Research paper
FuzzerAid: Grouping Fuzzed Crashes Based On Fault Signatures
Ashwin Kallingal Joshy (Iowa State University), Wei Le (Iowa State University)

14:40 (20m)  Research paper
QATest: A Uniform Fuzzing Framework for Question Answering Systems  [Virtual]  [ACM SIGSOFT Distinguished Paper Award]
Zixi Liu (Nanjing University), Yang Feng (Nanjing University), Yining Yin (Nanjing University, China), Jingyu Sun (Nanjing University), Zhenyu Chen (Nanjing University), Baowen Xu (Nanjing University)

15:00 (20m)  Research paper
Effectively Generating Vulnerable Transaction Sequences in Smart Contracts with Reinforcement Learning-guided Fuzzing  [Virtual]
Jianzhong Su (Sun Yat-sen University), Hong-Ning Dai (Hong Kong Baptist University), Lingjun Zhao (Sun Yat-sen University), Zibin Zheng (School of Data and Computer Science, Sun Yat-sen University), Xiapu Luo (Hong Kong Polytechnic University)