| |||||||
ShanghaiTech University Knowledge Management System
| IntelliGen: Automatic Driver Synthesis for Fuzz Testing | |
| 2021 | |
| 会议录名称 | 2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2021)
 |
| ISSN | 0270-5257 |
| 页码 | 318-327 |
| 发表状态 | 已发表 |
| DOI | 10.1109/ICSE-SEIP52600.2021.00041 |
| 摘要 | Fuzzing is a technique widely used in vulnerability detection. The process usually involves writing effective fuzz driver programs, which, when done manually, can he extremely labor intensive. Previous attempts at autmiation leave much to he desired, in either degree. of automation or quality of output. In this paper, we propose IntelliGen, a framework that constructs valid fuzz drivers automatically. First, IntelliGen determines a set of entry functions and evaluates their respective chance of exhibiting a vulnerability.. Then, IntelliGen generates fuzz drivers for the entry functions through hierarchical parameter replacement and type inference. We implemented InielliGen and evaluated its effectiveness on rval-worid programs selected from the Android Open-Source Project, Ginigle's fuzzer-test-suite and industrial collaborators. Intel/Wen covered on average 1.08x-2.03x more basic blocks and 1.36x-2.06x more paths over state-of-he-art fuzz driver synthesizers FUDGE and FuzzGen. IntelliGen performed on par with manually written drivers and found 10 more hugs. |
| 会议录编者/会议主办者 | IEEE, Assoc Comp Machinery, IEEE Comp Soc, IEEE Tech Council Software Engn, ACM SIGSOFT ; Association for Computing Machinery (ACM) ; IEEE Computer Society ; IEEE Technical Council on Software Engineering (TCSE) ; Special Interest Group on Software Engineering (SIGSOFT) |
| 关键词 | Fuzz Testing Fuzz Driver Synthesis Software Analysis Vulnerability Detection Open source software Degrees of automation Driver program Fuzz driver synthesis Labour intensive Open source projects Real world projects Software analysis Type inferences Vulnerability detection |
| 会议名称 | 43rd IEEE/ACM International Conference on Software Engineering - Software Engineering in Practice (ICSE-SEIP) / 43rd ACM/IEEE International Conference on Software Engineering - New Ideas and Emerging Results (ICSE-NIER) |
| 会议地点 | ELECTR NETWORK |
| 会议日期 | MAY 25-28, 2021 |
| URL | 查看原文 |
| 收录类别 | CPCI-S ; CPCI ; EI |
| 语种 | 英语 |
| WOS记录号 | WOS:000684234800033 |
| 出版者 | IEEE COMPUTER SOC |
| EI入藏号 | 20213910950462 |
| EI主题词 | Software testing |
| EI分类号 | 723 Computer Software, Data Handling and Applications ; 723.5 Computer Applications |
| 原始文献类型 | Proceedings Paper |
| 来源库 | IEEE |
| 引用统计 | 正在获取...
|
| 文献类型 | 会议论文 |
| 条目标识符 | https://kms.shanghaitech.edu.cn/handle/2MSLDSTB/128008 |
| 专题 | 信息科学与技术学院_硕士生 |
| 作者单位 | 1.KLISS, BNRist, School of Software, Tsinghua Universiy 2.ShanghaiTech University 3.Huawei Technologies Co. Ltd, Beijing, China |
| 推荐引用方式 GB/T 7714 | Mingrui Zhang,Jianzhong Liu,Fuchen Ma,et al. IntelliGen: Automatic Driver Synthesis for Fuzz Testing[C]//IEEE, Assoc Comp Machinery, IEEE Comp Soc, IEEE Tech Council Software Engn, ACM SIGSOFT, Association for Computing Machinery (ACM), IEEE Computer Society, IEEE Technical Council on Software Engineering (TCSE), Special Interest Group on Software Engineering (SIGSOFT):IEEE COMPUTER SOC,2021:318-327. |
| 条目包含的文件 | 下载所有文件 | |||||
| 文件名称/大小 | 文献类型 | 版本类型 | 开放类型 | 使用许可 | ||
修改评论
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。