Write a Blog >>
ISSTA 2020
Sat 18 - Wed 22 July 2020
Mon 20 Jul 2020 10:50 - 11:10 at Zoom - FUZZING Chair(s): Rody Kersten

Fuzzing technologies have evolved at a fast pace in recent years, revealing bugs in programs with ever increasing depth and speed. Applications working with complex formats are however more difficult to take on, as inputs need to meet certain format-specific characteristics to get through the initial parsing stage and reach deeper behaviors of the program.

Unlike prior proposals based on manually written format specifications, we propose a technique to automatically generate and mutate inputs for unknown chunk-based binary formats. We identify dependencies between input bytes and comparison instructions, and use them to assign tags that characterize the processing logic of the program. Tags become the building block for structure-aware mutations involving chunks and fields of the input.

Our technique can perform comparably to structure-aware fuzzing proposals that require human assistance. Our prototype implementation WEIZZ revealed 16 unknown bugs in widely used programs.

Mon 20 Jul
Times are displayed in time zone: Tijuana, Baja California change

10:50 - 11:50: FUZZINGTechnical Papers at Zoom
Chair(s): Rody KerstenSynopsys, Inc.

Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

10:50 - 11:10
WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats
Technical Papers
Andrea FioraldiSapienza University Rome, Daniele Cono D'EliaSapienza University of Rome, Emilio CoppaSapienza University of Rome, Italy
DOI Pre-print Media Attached
11:10 - 11:30
Active Fuzzing for Testing and Securing Cyber-Physical Systems
Technical Papers
Yuqi ChenSingapore Management University, Bohan Xuan, Chris PoskittSingapore Management University, Jun SunSingapore Management University, Fan Zhang
DOI Pre-print Media Attached
11:30 - 11:50
Learning Input Tokens for Effective FuzzingArtifacts AvailableArtifacts Evaluated – Functional
Technical Papers
Björn MathisCISPA Helmholtz Center for Information Security, Rahul GopinathCISPA Helmholtz Center for Information Security, Andreas ZellerCISPA Helmholtz Center for Information Security
Link to publication DOI