PeachCI: Scalable Continuous Integration of Generation-Based Protocol Fuzzing
Continuous integration (CI) of protocol fuzzing is important for improving fuzzing efficiency. However, current CI architectures focus only on mutation-based fuzzers and neglect generation-based fuzzers. Even worse, they package the fuzzer and the target protocol into a single Docker image and use a simple front end, which hinders practical integration with enterprise-level monitoring and data visualization platforms. In this paper, we design and implement PeachCI, a scalable continuous integration platform for generation-based protocol fuzzing. PeachCI decouples the fuzzer from the target protocol, with each component encapsulated in its own Docker image, enabling fuzzing through inter-container communication. Furthermore, the platform integrates with the widely used systems and service monitoring system Prometheus and the data visualization platform Grafana, using Pit files as inputs and displaying the results through Grafana. It supports parallel fuzzing and uses branch coverage as a key evaluation metric, which allows the effectiveness of various generation-based fuzzers to be compared. The experimental results demonstrate that PeachCI is an effective method for evaluating the performance of different fuzzers and provides robust support for network protocol fuzzing.
Mon 23 Jun (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
14:00 - 15:30 | Fuzzing 1 | Demonstrations / Research Papers / Journal First | at Cosmos 3C | Chair(s): Shin Hwei Tan (Concordia University)
14:00 | 20m Talk | Liberating libraries through automated fuzz driver generation: Striking a Balance Without Consumer Code | Research Papers | Flavio Toffalini (EPFL, Switzerland and Ruhr-Universität Bochum, Germany), Nicolas Badoux (EPFL), Zurab Tsinadze (EPFL), Mathias Payer (EPFL)
14:20 | 20m Talk | Presentation Proposal for: Finding Information Leaks with Information Flow Fuzzing | Journal First | Bernd Gruner (German Aerospace Center (DLR), Institute of Data Science), Clemens-Alexander Brust (German Aerospace Center (DLR)), Andreas Zeller (CISPA Helmholtz Center for Information Security)
14:40 | 20m Talk | MendelFuzz: The Return of the Deterministic Stage | Research Papers | Han Zheng (EPFL), Flavio Toffalini (EPFL, Switzerland and Ruhr-Universität Bochum, Germany), Marcel Böhme (MPI for Security and Privacy), Mathias Payer (EPFL)
15:00 | 10m Talk | PeachCI: Scalable Continuous Integration of Generation-Based Protocol Fuzzing | Demonstrations | Wanli Chen (Central South University), Yuanliang Chen (Tsinghua University), Fuchen Ma (Tsinghua University), Ruikang Peng (Central South University), Qi Xu (Tsinghua University), Yu Jiang (Tsinghua University), Qiang Fu (Central South University), Heyuan Shi (Central South University)
15:10 | 10m Talk | Widening The Adoption of Web API Fuzzing: Docker, GitHub Action and Python Support for EvoMaster | Demonstrations | Andrea Arcuri (Kristiania University of Applied Sciences), Philip Garrett (Kristiania University of Applied Sciences), Juan Pablo Galeotti (University of Buenos Aires), Man Zhang (Beihang University, China)
Cosmos 3C is the third room in the Cosmos 3 wing.
When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.