CISPA

Shaping Test Inputs in Grammar-Based Fuzzing

conference contribution
posted on 2024-09-24, 12:05, authored by José Antonio Zamudio Amaya
Fuzzing is an essential method for finding vulnerabilities. Conventional fuzzing looks across a wide input space, but it cannot handle systems that need intricate and specialized input patterns. Grammar-based fuzzing uses formal grammars to shape the inputs the fuzzer generates. This method is crucial for directing fuzzers to generate complicated inputs that adhere to syntactical requirements. However, existing approaches are biased towards certain input features, leading to significant portions of the solution space being under-explored or ignored. In this paper, we review the state-of-the-art methods, emphasizing the limitations of grammar-based fuzzing, and we provide a first approach for incorporating distribution sampling into fuzzing, accompanied by encouraging first findings. This work can represent a significant step towards achieving comprehensive input space exploration in grammar-based fuzzing, with implications for enhancing the robustness and reliability of the fuzzing targets.

History

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

International Symposium on Software Testing and Analysis (ISSTA)

Journal

Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis

Pages

5

Page Range

1901-1905

Publisher

Association for Computing Machinery

BibTeX

@conference{Zamudio Amaya:2024,
  title     = "Shaping Test Inputs in Grammar-Based Fuzzing",
  author    = "Zamudio Amaya, José Antonio",
  year      = 2024,
  month     = 9,
  journal   = "Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis",
  pages     = "1901--1905",
  publisher = "Association for Computing Machinery",
  doi       = "10.1145/3650212.3685553"
}
