Fuzzing is an essential method for finding vulnerabilities. Conventional fuzzing looks across a wide input space, but it can’t handle systems that need intricate and specialized input patterns. Grammar-based fuzzing uses formal grammars to shape the inputs the fuzzer generates. This method is crucial for directing fuzzers to generate complicated inputs that adhere to syntactical requirements. However, existing approaches are biased towards certain input features, leading to significant portions of the solution space being under-explored or ignored. In this paper, we review the state-of-the-art methods, emphasizing the limitations of grammar-based fuzzing, and we provide a first approach for incorporating distribution sampling into fuzzing, accompanied by encouraging first findings. This work can represent a significant step towards achieving comprehensive input space exploration in grammar-based fuzzing, with implications for enhancing the robustness and reliability of the fuzzing targets.
Tue 17 Sep (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
13:30 - 15:00
13:30 | 15m | Talk | Shaping Test Inputs in Grammar-Based Fuzzing | Doctoral Symposium | S: José Antonio Zamudio Amaya CISPA Helmholtz Center for Information Security, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
13:45 | 10m | Talk | Graph Learning for Extract Class Refactoring | Doctoral Symposium | S: Luqiao Wang Xidian University, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
13:55 | 10m | Talk | With Biabduction towards Memory Safety across the Rust-C-FFI | Doctoral Symposium | S: Florian Sextl TU Wien, Austria, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
14:05 | 10m | Talk | Decentralized Near-Synchronous Local-First Programming Collaboration | Doctoral Symposium | S: Leon Freudenthaler FH Campus Wien, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
14:15 | 10m | Talk | Quality Assurance For Non-Trivial Systems: Use Case GCC Plugins | Doctoral Symposium | S: Nimantha Kariyakarawana DistriNet-KU Leuven, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
14:25 | 10m | Talk | Collaboration to Repository-Level Vulnerability Detection | Doctoral Symposium | S: Xin-Cheng Wen Harbin Institute of Technology, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
14:35 | 15m | Talk | Learning the Effects of Software Changes | Doctoral Symposium | S: Laura Plein CISPA Helmholtz Center for Information Security, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE