Modern fuzzing tools like AFL operate at a lexical level: they explore the input space of tested programs one byte after another. For inputs with complex syntactical properties, this is very inefficient, as keywords and other tokens have to be composed one character at a time. Fuzzers thus allow users to specify dictionaries listing possible tokens the input can be composed from; such dictionaries speed up fuzzers dramatically. Also, fuzzers make use of dynamic tainting to track input tokens and infer values that are expected in the input validation phase. Unfortunately, such tokens are usually implicitly converted to program-specific values, which causes a loss of the taints attached to the input data in the lexical phase.
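The taint loss described above, shown on a constructed toy lexer and parser (an added example, not code from the paper or from AFL; `Tainted`, `lex`, `parse`, `run` and the three-keyword grammar are assumptions made for illustration). Comparisons on tainted input bytes are logged in the lexer, but the parser only compares plain integer token kinds, so its expectation is never tied back to an input offset.

```python
# Constructed toy: a taint-tracking string, a lexer and a parser.
COMPARISONS = []   # (input offsets, value the program compared against)

class Tainted:
    """A slice of the input that remembers which offsets it came from."""
    def __init__(self, text, start):
        self.text, self.start = text, start
    def offsets(self):
        return (self.start, self.start + len(self.text))
    def __eq__(self, other):
        # This is the event a taint-guided fuzzer can observe and log.
        COMPARISONS.append((self.offsets(), other))
        return self.text == other

KEYWORDS = ("if", "then", "end")
TOK_IF, TOK_THEN, TOK_END, TOK_IDENT = range(4)

def lex(data):
    """Split on spaces and map each lexeme to a plain int token kind."""
    kinds, pos = [], 0
    for word in data.split(" "):
        lexeme = Tainted(word, pos)
        kind = TOK_IDENT
        for i, kw in enumerate(KEYWORDS):
            if lexeme == kw:   # comparison on tainted data: logged
                kind = i       # implicit conversion: the int carries no taint
                break
        kinds.append(kind)
        pos += len(word) + 1
    return kinds

def parse(kinds):
    """Accept 'if IDENT then IDENT end'; compares untainted ints only."""
    expected = [TOK_IF, TOK_IDENT, TOK_THEN, TOK_IDENT, TOK_END]
    for i, want in enumerate(expected):
        if i >= len(kinds) or kinds[i] != want:
            return i           # index of the first rejected token
    return -1                  # input accepted

def run(data):
    """Return (rejected token index, keywords seen in logged comparisons)."""
    COMPARISONS.clear()
    rejected_at = parse(lex(data))
    return rejected_at, sorted({value for _, value in COMPARISONS})

if __name__ == "__main__":
    print(run("if x foo y end"))   # parser rejects token 2, log holds only strings
```

The log yields the keyword set, which is what a dictionary would contain, but for the rejected lexeme at offsets 5 to 8 it lists every keyword the lexer tried and says nothing about which one the parser wanted.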
Mon 20 Jul. Times are displayed in time zone: Tijuana, Baja California
|10:50 - 11:10|
Andrea Fioraldi (Sapienza University Rome), Daniele Cono D'Elia (Sapienza University of Rome), Emilio Coppa (Sapienza University of Rome, Italy)
|11:10 - 11:30|
Yuqi Chen (Singapore Management University), Bohan Xuan, Chris Poskitt (Singapore Management University), Jun Sun (Singapore Management University), Fan Zhang
|11:30 - 11:50|
Björn Mathis (CISPA Helmholtz Center for Information Security), Rahul Gopinath (CISPA Helmholtz Center for Information Security), Andreas Zeller (CISPA Helmholtz Center for Information Security)