CIDFuzz: Fuzz testing for continuous integration
Authors
Abstract
As agile software development and extreme programming have become increasingly popular, continuous integration (CI) has become a widely used collaborative work method. However, it is common to make frequent changes to a project during CI. If existing testing methods are applied to CI directly, it will be difficult to focus testing resources on the changes generated by CI, which results in insufficient testing of those changes. To solve this problem, we propose a fuzz testing method for CI. First, differential analysis is performed to determine the change points, which are added to the taint source set, and static analysis is conducted to calculate the distances between each basic block and the sources. Then, the program under test is instrumented according to these distances. During testing, testing resources are allocated based on seed coverage so that the changes are tested effectively. Using the proposed methods, we implement CIDFuzz as a prototype tool and conduct experiments on four open-source projects that use CI. Experimental results show that, compared with AFL and AFLGo, CIDFuzz can reduce the time cost of covering changes by up to 39.59% and 41.64%, respectively. Also, it reduces the time cost of reproducing vulnerabilities by 34.78% and 25.55%.
Similar resources
Automated Whitebox Fuzz Testing
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs and test the program on the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of a program...
Instrumented Fuzz Testing Using AIR Integers
Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. In this paper, we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow, truncation, and other integral exceptional conditions. The AIR integer model either produces a value equivalent to one that would have been obtain...
Instrumented Fuzz Testing Using AIR Integers (Whitepaper)
Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. In this paper, we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow, truncation, and other integral exceptional conditions. The AIR integer model either produces a value equivalent to one that would have been obtain...
Automatic and lightweight grammar generation for fuzz testing
Blackbox fuzz testing can only test a small portion of code when rigorously checking the well-formedness of input values. To overcome this problem, blackbox fuzz testing is performed using a grammar that delineates the format information of input values. However, it is almost impossible to manually construct a grammar if the input specifications are not known. We propose an alternative techniqu...
CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems
Discovering the security vulnerabilities of commercial off-the-shelf (COTS) operating systems (OSes) is challenging because they not only are huge and complex, but also lack detailed debug information. Concolic testing, which generates all feasible inputs of a program by using symbolic execution and tests the program with the generated inputs, is one of the most promising approaches to solve th...
Journal
Journal title: IET Software
Year: 2023
ISSN: ['1751-8806', '1751-8814']
DOI: https://doi.org/10.1049/sfw2.12125