Authors: Marcello Maugeri 1 ; Cristian Daniele 2 ; Giampaolo Bella 1 and Erik Poll 2

Affiliations: 1 Department of Maths and Computer Science, University of Catania, Catania, Italy ; 2 Department of Digital Security, Radboud University, Nijmegen, The Netherlands

Keyword(s): Fuzzing, Fork, Security Testing, Software Security.

Abstract: Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the years, different approaches have been developed, and among the most popular lies the coverage-based one. It relies on the instrumentation of the system to generate inputs able to cover as much code as possible. The success of this approach is also due to its usability as fuzzing techniques research approaches that do not require (or only partially require) human interactions. Despite the efforts, devising a fully-automated fuzzer still seems to be a challenging task. Target systems may be very complex; they may integrate cryptographic primitives, compute and verify check-sums and employ forks to enhance the system security, achieve better performances or manage different connections at the same time. This paper introduces the fork-awareness property to express the fuzzer ability to manage systems using forks. This property is leveraged to evaluate 14 of the most widely coverage-guided fuzzers and highlight how current fuzzers are ineffective against systems using forks.

CC BY-NC-ND 4.0

Paper citation in several formats:
Maugeri, M.; Daniele, C.; Bella, G. and Poll, E. (2023). Evaluating the Fork-Awareness of Coverage-Guided Fuzzers. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-624-8; ISSN 2184-4356, SciTePress, pages 424-429. DOI: 10.5220/0011648600003405

@conference{icissp23,
author={Marcello Maugeri and Cristian Daniele and Giampaolo Bella and Erik Poll},
title={Evaluating the Fork-Awareness of Coverage-Guided Fuzzers},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP},
year={2023},
pages={424-429},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011648600003405},
isbn={978-989-758-624-8},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP
TI - Evaluating the Fork-Awareness of Coverage-Guided Fuzzers
SN - 978-989-758-624-8
IS - 2184-4356
AU - Maugeri, M.
AU - Daniele, C.
AU - Bella, G.
AU - Poll, E.
PY - 2023
SP - 424
EP - 429
DO - 10.5220/0011648600003405
PB - SciTePress