Demystifying Fuzzing Strategies
Professor Yuqun Zhang
Department of Computer Science and Engineering
Southern University of Science and Technology
Fuzzing (or fuzz testing) refers to inputting invalid, unexpected, or random data to programs for exposing unexpected program behaviors (such as crashes, failing assertions, or memory leaks), which can be further inspected or analyzed to detect potential vulnerabilities/bugs. While recently there is a growing trend to propose new fuzzing techniques, limited attentions have been paid on studying their common/representative strategies, e.g., exploring why and how exactly their strategies work. In this talk, I will discuss a rather common fuzzing strategy, namely Havoc, which randomly mutates seeds via a mutator stacking mechanism and is widely adopted in coverage-guided fuzzers. I will show that essentially, it is Havoc which dominates the fuzzing effectiveness, including increasing coverage and exposing program bugs, rather than the strategies proposed by the coverage-guided fuzzers. Moreover, it can be rather simple to enhance the effectiveness of Havoc.
Yuqun Zhang is an Assistant Professor in the Department of Computer Science and Engineering at Southern University of Science and Technology, Shenzhen, China. His research focuses on exploring new general-purpose and domain-specific quality assurance methods for software. His research output on fuzzing and taint analysis has been deployed in Tencent and Alibaba to successfully detect hundreds of bugs/vulnerabilities. He received his PhD from UT Austin. He has been awarded one ACM SIGSOFT Distinguished Paper Award as well as one nominee.
Enquiries: Mr Jeff Liu (email@example.com)