ICSE 2025 / SBFT 2025
Multi-Phase Taint Analysis for JSON Inference in Search-Based Fuzzing
As software applications grow increasingly complex, particularly in their input formats, testing these applications becomes a challenging endeavor. Automated testing techniques, such as search-based white-box fuzzing, have shown promise in addressing these challenges. However, generating well-formed inputs for fuzzing remains a significant obstacle. In this paper, we present novel techniques as an academic proof-of-concept for automatically inferring JSON-based schemas to enhance search-based white-box fuzzing, focusing on Java and Kotlin applications. Our work offers an alternative approach to black-box grammar-based fuzzing.
Mon 28 Apr (times shown in Eastern Time, US & Canada)
14:00 - 15:30 | Paper Presentations 2 and Tutorial 1 (SBFT at 104). Chair: Alessio Gambi, Austrian Institute of Technology (AIT)

14:00 (15 min) Research paper: Differential Performance Fuzzing of Configuration Options. Haesue Baik (University of Michigan), Chenyang Yang, Vasudev Vikram (Carnegie Mellon University), Pooyan Jamshidi (University of South Carolina), Rohan Padhye (Carnegie Mellon University), Christian Kästner (Carnegie Mellon University)

14:15 (15 min) Research paper: Multi-Phase Taint Analysis for JSON Inference in Search-Based Fuzzing. Susruthan Seran, Onur Duman (Kristiania University College), Andrea Arcuri (Kristiania University College and Oslo Metropolitan University)

14:30 (60 min) Tutorial: Tutorial by Seongmin Lee. Seongmin Lee (Max Planck Institute for Security and Privacy (MPI-SP))