Hybrid Fuzzing of Infrastructure as Code Programs (FUZZING 2025)

Who

Emilio Coppa, Daniel Sokolowski, Guido Salvaneschi

Track

FUZZING 2025

Time Zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Sat 28 Jun 2025 10:10 - 10:20 at Cosmos 3C - Morning 1

Abstract

Infrastructure as Code (IaC) has become a cornerstone of modern cloud and system deployment, enabling automated and repeatable infrastructure provisioning. However, ensuring the correctness of IaC programs remains challenging due to their complexity and dynamic nature. In particular, IaC programs can exhibit different behaviors depending on the state of the resources they manage. Since these resources are deployed on external providers, accounting for their possible states is difficult, making the testing phase particularly challenging. This paper presents HIT, a novel unit-testing framework for IaC programs that effectively tests IaC code using relevant resource states. HIT combines fuzzing and concolic execution, two effective yet previously unexplored techniques for IaC code. Our experiments confirm that HIT achieves better code coverage than state-of-the-art approaches.

Emilio Coppa

LUISS University

Italy

Daniel Sokolowski

University of St. Gallen

Switzerland

Guido Salvaneschi

University of St. Gallen

Switzerland

Time Zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Sat 28 Jun
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

09:00 - 10:30	Morning 1FUZZING at Cosmos 3C

09:00 10m Day opening		Welcome FUZZING
09:10 50m Keynote		Keynote: Constraining Fuzzing without Paying Too Much FUZZING Miryung Kim UCLA and Amazon Web Services
10:00 10m Talk		Personalized Fuzzing: A Case Study with the FANDANGO Fuzzer on a GNSS Module FUZZING Stephan Neuhaus ZHAW School of Engineering, José Antonio Zamudio Amaya CISPA Helmholtz Center for Information Security, Andreas Zeller CISPA Helmholtz Center for Information Security
10:10 10m Talk		Hybrid Fuzzing of Infrastructure as Code Programs FUZZING Emilio Coppa LUISS University, Daniel Sokolowski University of St. Gallen, Guido Salvaneschi University of St. Gallen
10:20 10m Talk		Towards Fuzzing Zero-Knowledge Proof Circuits FUZZING Stefanos Chaliasos Imperial College London, Imam Al-Fath ZKSecurity, Alastair F. Donaldson Imperial College London

Information for Participants

Sat 28 Jun 2025 09:00 - 10:30 at Cosmos 3C - Morning 1

Info for room Cosmos 3C:

Cosmos 3C is the third room in the Cosmos 3 wing.

When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.