On Evaluating Fuzzers with Context-Sensitive Fuzzed Inputs: A Case Study on PKCS#1-v1.5 (SBFT 2025)

Who

S Mahmudul Hasan, Polina Kozyreva, Endadul Hoque

Track

SBFT 2025 Search-Based and Fuzz testing

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Mon 28 Apr 2025 12:15 - 12:30 at 104 - Keynote 2 and Paper Presentations 1 Chair(s): Vincenzo Riccio

Abstract

Cryptographic standards like the PKCS#1-v1.5 signature scheme for RSA are essential for secure digital communications, yet cryptographic libraries remain vulnerable. Fuzzing, a security testing technique, often struggles to detect memory-safety bugs in these libraries due to the need for context-sensitive inputs—those with complex semantic relationships between their fields. This paper presents a preliminary study that evaluates 7 uzzers for their ability to generate such inputs across 5 libraries implementing the PKCS#1-v1.5 signature verification scheme. Our findings reveal performance variations among the fuzzers and highlight their limitations with context-sensitive inputs.

S Mahmudul Hasan

Syracuse University

Polina Kozyreva

Syracuse University

Endadul Hoque

Syracuse University

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Mon 28 Apr
Displayed time zone: Eastern Time (US & Canada) change

11:00 - 12:30	Keynote 2 and Paper Presentations 1SBFT at 104 Chair(s): Vincenzo Riccio University of Udine

11:00 60m Keynote		Keynote by Marcel Böhme SBFT Marcel Böhme MPI for Security and Privacy
12:00 15m Research paper		DeepUIFuzz: A Guided Fuzzing Strategy for Testing UI Component Detection Models SBFT Proma Chowdhury University of Dhaka, Kazi Sakib Institute of Information Technology, University of Dhaka
12:15 15m Research paper		On Evaluating Fuzzers with Context-Sensitive Fuzzed Inputs: A Case Study on PKCS#1-v1.5 SBFT S Mahmudul Hasan Syracuse University, Polina Kozyreva Syracuse University, Endadul Hoque Syracuse University