Visualizing and Understanding the Internals of Fuzzing
Greybox fuzzing is one of the fuzzing techniques most extensively researched and used in practice, and many publications propose improvements to it. However, the extent to which these improvements really work and generalize is not yet understood: our preliminary study of the recent greybox fuzzing literature showed that most papers evaluated their fuzzers in terms of runtime code coverage or bug-finding capability, even though the improvements were made to the fuzzer's internals. Results drawn from such experiments are insufficient to judge the impact that changes to a fuzzer's internals have on its performance.
To understand fuzzing better, we therefore propose evaluating fuzzers in more depth. To this end, we suggest (1) developing a fuzzing-specific visualization framework that supports different analytic tasks, is scalable, and facilitates the effective comparison of fuzzing internals, and (2) developing an evaluation specification that automates the evaluation process and enables claims to be evaluated directly through visual analysis.
Realizing this vision will allow us to finally answer the following questions: How can one effectively visualize and compare fuzzing internals? And which internal changes between fuzzers are responsible for their performance deviations?
Wed 30 Oct (time zone: Pacific Time, US & Canada)
15:30 - 16:30 | Fuzzing 2 (Industry Showcase / NIER Track / Research Papers) at Magnolia. Chair(s): Marcel Böhme (MPI-SP, Bochum)
15:30 (15m, Talk) | Differential Fuzzing for Data Distribution Service Programs with Dynamic Configuration (Research Papers). Dohyun Ryu (The Pennsylvania State University), Giyeol Kim (The Pennsylvania State University), Daeun Lee (Pusan National University), Seongjin Kim (The Pennsylvania State University), Seungjin Bae (The Pennsylvania State University), Junghwan Rhee (University of Central Oklahoma), Taegyu Kim (The Pennsylvania State University)
15:45 (15m, Talk) | Seeding and Mocking in White-Box Fuzzing Enterprise RPC APIs: An Industrial Case Study (Industry Showcase). Man Zhang (Beihang University, China), Andrea Arcuri (Kristiania University College and Oslo Metropolitan University), Piyun Teng (Meituan), kaiming.xue (Meituan), Wenhao Wang (Meituan)
16:00 (15m, Talk) | Industry Practice of Directed Kernel Fuzzing for Open-source Linux Distribution (Industry Showcase). Heyuan Shi (Central South University), Shijun Chen (Central South University), Runzhe Wang (Alibaba Group), Yuhan Chen (Central South University), Weibo Zhang (Central South University), Qiang Zhang (Hunan University), Yuheng Shen (Tsinghua University), Xiaohai Shi (Alibaba Group), Chao Hu (Central South University), Yu Jiang (Tsinghua University)
16:15 (10m, Talk) | Visualizing and Understanding the Internals of Fuzzing (NIER Track). Sriteja Kummita (Fraunhofer Institute for Mechatronic Systems Design (Fraunhofer IEM)), Zenong Zhang (The University of Texas at Dallas), Eric Bodden (Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM), Shiyi Wei (University of Texas at Dallas)