Skip to main content
SpringerLink
Log in

Principled Greybox Fuzzing

  • Conference paper
  • First Online:
Formal Methods and Software Engineering (ICFEM 2018)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11232))

Included in the following conference series:

  • 1110 Accesses

Abstract

Greybox fuzzing has become one of the most effective approaches for detecting software vulnerabilities. Various new techniques have been continuously emerging to enhance the effectiveness and/or efficiency by incorporating novel ideas into different components of a greybox fuzzer. However, there lacks a modularized fuzzing framework that can easily plugin new techniques and hence facilitate the reuse and integration of different techniques.

To address this problem, we propose a fuzzing framework, namely Fuzzing Orchestration Toolkit (FOT). FOT is designed to be versatile, configurable and extensible. With FOT and its extensions, we have found 111 new bugs from 11 projects. Among these bugs, 18 CVEs were assigned.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Cadar, C., Dunbar, D., Engler, D.: Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI 2008, pp. 209–224 (2008)

    Google Scholar 

  2. Chen, H., et al.: Hawkeye: towards a desired directed grey-box fuzzer. In: CCS (2018)

    Google Scholar 

  3. Google: honggfuzz (2018). https://github.com/google/honggfuzz

  4. Li, Y., Chen, B., Chandramohan, M., Lin, S.W., Liu, Y., Tiu, A.: Steelix: program-state based binary fuzzing. In: ESEC/FSE 2017, pp. 627–637. ACM (2017)

    Google Scholar 

  5. LLVM: libfuzzer (2018). https://llvm.org/docs/LibFuzzer.html

  6. Wang, J., Chen, B., Wei, L., Liu, Y.: Skyfire: data-driven seed generation for fuzzing, pp. 579–594, May 2017. https://doi.org/10.1109/SP.2017.23

  7. Zalewski, M.: American fuzzy lop (2014). http://lcamtuf.coredump.cx/afl/. Accessed 01 Apr 2018

Download references

Author information

Authors and Affiliations

  1. Nanyang Technological University, Singapore, Singapore

    Yuekang Li

Authors
  1. Yuekang Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuekang Li .

Editor information

Editors and Affiliations

  1. University of Auckland, Auckland, New Zealand

    Jing Sun

  2. Peking University, Beijing, China

    Meng Sun

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, Y. (2018). Principled Greybox Fuzzing. In: Sun, J., Sun, M. (eds) Formal Methods and Software Engineering. ICFEM 2018. Lecture Notes in Computer Science(), vol 11232. Springer, Cham. https://doi.org/10.1007/978-3-030-02450-5_34

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-02450-5_34

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02449-9

  • Online ISBN: 978-3-030-02450-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation