The Art, Science, and Engineering of Fuzzing: A Survey
Abstract
Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-world software vulnerabilities. At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed. While researchers and practitioners alike have invested a large and diverse effort towards improving fuzzing in recent years, this surge of work has also made it difficult to gain a comprehensive and coherent view of fuzzing. To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature. We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective.
- Publication:
-
arXiv e-prints
- Pub Date:
- November 2018
- DOI:
- 10.48550/arXiv.1812.00140
- arXiv:
- arXiv:1812.00140
- Bibcode:
- 2018arXiv181200140M
- Keywords:
-
- Computer Science - Cryptography and Security;
- Computer Science - Software Engineering
- E-Print:
- 29 pages, under submission to ACM Computing Surveys (July 2018) - 2018.12.10 update: correct minor mistakes in overview table - 2019.02.16 update: source clean - 2019.04.08: submission to TSE, 21 pages