ISSTA 2022
Mon 18 - Fri 22 July 2022 Online
Wed 20 Jul 2022 16:20 - 16:40 at ISSTA 2 - Session 3-2: Fuzzing and Friends C Chair(s): Behnaz Hassanshahi
Fri 22 Jul 2022 00:40 - 01:00 at ISSTA 1 - Session 1-9: Fuzzing and Friends A

In recent years, fuzz testing has benefited from increased computational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these successes, not all applications can be fuzzed efficiently. In particular, stateful applications such as network protocol implementations are constrained by their low fuzzing throughput and the need to develop fuzzing harnesses that reset their state and isolate their side effects.

In this paper, we present SnapFuzz, a novel fuzzing framework for network applications. SnapFuzz offers a robust architecture that transforms slow asynchronous network communication into fast synchronous communication, snapshots the target at the latest point at which it is safe to do so, speeds up all file operations by redirecting them to a custom in-memory filesystem, and removes the need for many fragile modifications, such as configuring time delays or writing clean-up scripts, together with several other improvements.

Using SnapFuzz, we fuzzed five popular networking applications: LightFTP, TinyDTLS, Dnsmasq, LIVE555 and Dcmqrscp. We report impressive performance speedups of 62.8x, 41.2x, 30.6x, 24.6x, and 8.4x, respectively, with significantly simpler fuzzing harnesses in all cases. Through its performance advantage, SnapFuzz has also found 12 extra crashes compared to AFLNet in these applications.

Wed 20 Jul

Displayed time zone: Seoul change

16:20 - 17:20
Session 3-2: Fuzzing and Friends CTechnical Papers at ISSTA 2
Chair(s): Behnaz Hassanshahi Oracle Labs, Australia
16:20
20m
Talk
SnapFuzz: High-Throughput Fuzzing of Network Applications
Technical Papers
Anastasios Andronidis Imperial College London, UK, Cristian Cadar Imperial College London, UK
DOI
16:40
20m
Talk
SLIME: Program-sensitive Energy Allocation for Fuzzing
Technical Papers
Chenyang Lyu Zhejiang University, Hong Liang Zhejiang University, Shouling Ji Zhejiang University, Xuhong Zhang Zhejiang University, Binbin Zhao Georgia Institute of Technology, Meng Han Binjiang Institute of Zhejiang University & Zhejiang University, Yun Li Huawei Technologies Co., Ltd., Zhe Wang State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Wenhai Wang Zhejiang University, Raheem Beyah Georgia Institute of Technology
DOI
17:00
20m
Talk
Almost Correct Invariants: Synthesizing Inductive Invariants by Fuzzing Proofs
Technical Papers
Sumit Lahiri Indian Institute Of Technology Kanpur, Subhajit Roy IIT Kanpur, India
DOI

Fri 22 Jul

Displayed time zone: Seoul change

00:00 - 01:00
Session 1-9: Fuzzing and Friends ATechnical Papers at ISSTA 1
00:00
20m
Talk
Almost Correct Invariants: Synthesizing Inductive Invariants by Fuzzing Proofs
Technical Papers
Sumit Lahiri Indian Institute Of Technology Kanpur, Subhajit Roy IIT Kanpur, India
DOI
00:20
20m
Talk
MDPFuzz: Testing Models Solving Markov Decision Processes
Technical Papers
Qi Pang HKUST, Yuanyuan Yuan The Hong Kong University of Science and Technology, Shuai Wang Hong Kong University of Science and Technology
DOI
00:40
20m
Talk
SnapFuzz: High-Throughput Fuzzing of Network Applications
Technical Papers
Anastasios Andronidis Imperial College London, UK, Cristian Cadar Imperial College London, UK
DOI