Fuzzing: A Survey for Roadmap

Zhu, Xiaogang; Wen, Sheng; Camtepe, Seyit; Xiang, Yang

doi:10.1145/3512345

Cited by 107 publications

(39 citation statements)

References 162 publications

(309 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Seeds submission is fundamental in developing fuzzers since it heavily impacts fuzzing efficiency [14]. To this end, we estimate how IRIS is efficient in reaching VM states compared to the real guest VM execution.…”

Section: Efficiencymentioning

confidence: 99%

“…In the literature, the problem is being tackled by fuzz testing, which has proven to be very effective for security isolation assessment since it can reveal new vulnerabilities and bugs in complex software systems, including hypervisors [14]. The common fuzzing loop for hypervisors is implemented by i) submitting a sequence of VM operations (or reverting a VM snapshot), to bring the VM into a given state (and its corresponding hypervisor state) and then ii) submitting fuzzing input (the corrupted seed) to the hypervisor from the reached VM state.…”

Section: Introductionmentioning

confidence: 99%

“…Last, reaching a new VM state (e.g., setting a new CPU physical state) requires a deep knowledge of the underlying hardware (i.e., the knowledge of an operating system). Trying to reach valid VM states from a dumb sequence of inputs risks incur in several crashes of the test VM [14], which then requires resetting the test, with a non-negligible impact on the testing time efficiency.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

Cesarano¹,

Cinque²,

Cotroneo³

et al. 2023

Preprint

View full text Add to dashboard Cite

Nowadays, industries are looking into virtualization as an effective means to build safe applications, thanks to the isolation it can provide among virtual machines (VMs) running on the same hardware. In this context, a fundamental issue is understanding to what extent the isolation is guaranteed, despite possible (or induced) problems in the virtualization mechanisms. Uncovering such isolation issues is still an open challenge, especially for hardware-assisted virtualization, since the search space should include all the possible VM states (and the linked hypervisor state), which is prohibitive. In this paper, we propose IRIS, a framework to record (learn) sequences of inputs (i.e., VM seeds) from the real guest execution (e.g., OS boot), replay them as-is to reach valid and complex VM states, and finally use them as valid seed to be mutated for enabling fuzzing solutions for hardware-assisted hypervisors. We demonstrate the accuracy and efficiency of IRIS in automatically reproducing valid VM behaviors, with no need to execute guest workloads. We also provide a proof-of-concept fuzzer, based on the proposed architecture, showing its potential on the Xen hypervisor.

show abstract

Section: Efficiencymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

Cesarano¹,

Cinque²,

Cotroneo³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Fuzz testing generates numerous test cases to test target programs repeatedly and monitors the program. Generally, fuzz testing has a queue of seeds, which are the interesting inputs, and new inputs are generated via mutating seeds in an infinite loop [1]. All software consists of blocks and branches from a code coverage perspective.…”

Section: Introductionmentioning

confidence: 99%

A Seed Scheduling Method With a Reinforcement Learning for a Coverage Guided Fuzzing

et al. 2023

View full text Add to dashboard Cite

Seed scheduling, which determines which seed is input to the fuzzer first and the number of mutated test cases that are generated for the input seed, significantly influences crash detection performance in fuzz testing. Even for the same fuzzer, the performance in terms of detecting crashes that cause program failure varies considerably depending on the seed-scheduling method used. Most existing coverage-guided fuzzers use a heuristic seed-scheduling method. These heuristic methods can't properly determine the seed with a high potential to cause the crash; thus, the fuzzer detects the crash inefficiently. Moreover, the fuzzer's crash detection performance is affected by the characteristics of target programs. To address this problem, we propose a general-purpose reinforced seed-scheduling method that not only improves the crash detection performance of fuzz testing but also remains unaffected by the characteristics of the target program. The fuzzer with the proposed method detected the most crashes in all but one of the target programs in which crashes were detected in the experimental results conducted on various programs, and showed better crash detection efficiency than the comparison targets overall.

show abstract

“…With the popularity of Internet of Things (IoT) 1 and blockchain, 2,3 more and more users' data are stored on cloud servers, which raises concerns about privacy 4‐6 . If a user encrypts data before storing it in the cloud, the privacy problem can be solved 7,8 .…”

Section: Introductionmentioning

confidence: 99%

On the security of fully homomorphic encryption for data privacy in Internet of Things

Peng

Wei

Zhu

et al. 2022

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

Summary To achieve data privacy in Internet of Things (IoT), fully homomorphic encryption (FHE) technique is used to encrypt the data while allowing others to compute on the encrypted data. However, there are many well‐known problems with FHE such as chosen‐ciphertext attack security and circuit privacy problem. In this article, we demonstrate that a famous FHE application named Brakerski/Fan–Vercauteren scheme, a circuit privacy application based on fast private set intersection, and an encoding application that encodes integer or floating point numbers based on Microsoft Simple Encryption Arithmetic Library homomorphic encryption library, are insecure against chosen ciphertext attacks due to insecurity of the underlying fully homomorphic schemes. These results show that using cryptographic primitives even with security proofs causes serious security vulnerabilities on the applications themselves. The results also give evidences that the security of adopted cryptographic primitives in IoT should be proved in appropriate formal security models as well as proof of the scheme itself.

show abstract

Fuzzing: A Survey for Roadmap

Cited by 107 publications

References 162 publications

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

A Seed Scheduling Method With a Reinforcement Learning for a Coverage Guided Fuzzing

On the security of fully homomorphic encryption for data privacy in Internet of Things

Contact Info

Product

Resources

About