Fri 22 Jul 2022 00:40 - 01:00 at ISSTA 1 - Session 1-9: Fuzzing and Friends A
In recent years, fuzz testing has benefited from increased computational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these successes, not all applications can be fuzzed efficiently. In particular, stateful applications such as network protocol implementations are constrained by their low fuzzing throughput and the need to develop fuzzing harnesses that reset their state and isolate their side effects.
In this paper, we present SnapFuzz, a novel fuzzing framework for network applications. SnapFuzz offers a robust architecture that transforms slow asynchronous network communication into fast synchronous communication, snapshots the target at the latest point at which it is safe to do so, speeds up all file operations by redirecting them to a custom in-memory filesystem, and removes the need for many fragile modifications, such as configuring time delays or writing clean-up scripts, together with several other improvements.
Using SnapFuzz, we fuzzed five popular networking applications: LightFTP, TinyDTLS, Dnsmasq, LIVE555 and Dcmqrscp. We report impressive performance speedups of 62.8x, 41.2x, 30.6x, 24.6x, and 8.4x, respectively, with significantly simpler fuzzing harnesses in all cases. Through its performance advantage, SnapFuzz has also found 12 extra crashes compared to AFLNet in these applications.
Wed 20 JulDisplayed time zone: Seoul change
16:20 - 17:20 | Session 3-2: Fuzzing and Friends CTechnical Papers at ISSTA 2 Chair(s): Behnaz Hassanshahi Oracle Labs, Australia | ||
16:20 20mTalk | SnapFuzz: High-Throughput Fuzzing of Network Applications Technical Papers DOI | ||
16:40 20mTalk | SLIME: Program-sensitive Energy Allocation for Fuzzing Technical Papers Chenyang Lyu Zhejiang University, Hong Liang Zhejiang University, Shouling Ji Zhejiang University, Xuhong Zhang Zhejiang University, Binbin Zhao Georgia Institute of Technology, Meng Han Binjiang Institute of Zhejiang University & Zhejiang University, Yun Li Huawei Technologies Co., Ltd., Zhe Wang State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Wenhai Wang Zhejiang University, Raheem Beyah Georgia Institute of Technology DOI | ||
17:00 20mTalk | Almost Correct Invariants: Synthesizing Inductive Invariants by Fuzzing Proofs Technical Papers DOI |
Fri 22 JulDisplayed time zone: Seoul change
00:00 - 01:00 | |||
00:00 20mTalk | Almost Correct Invariants: Synthesizing Inductive Invariants by Fuzzing Proofs Technical Papers DOI | ||
00:20 20mTalk | MDPFuzz: Testing Models Solving Markov Decision Processes Technical Papers Qi Pang HKUST, Yuanyuan Yuan The Hong Kong University of Science and Technology, Shuai Wang Hong Kong University of Science and Technology DOI | ||
00:40 20mTalk | SnapFuzz: High-Throughput Fuzzing of Network Applications Technical Papers DOI |