yuawn/Mediatek-Fuzzing-Workshop
Fuzz Testing
- Black-box
  - binary only
- Grey-box
  - utilize some program information to guide fuzzing
- White-box
  - get a full picture of the program
  - e.g., symbolic execution
Coverage-Guided Fuzzing
seed pool -> select a seed -> mutation -> run with instrumented binary -> crash
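The loop above as a toy coverage-guided fuzzer, added here as an example (not code from the workshop repo): hand-placed COVERAGE.add() calls stand in for the edge counters of an instrumented binary, the target and its "FUZZ!" bug are constructed, and an exception stands in for a sanitizer-detected crash.

```python
import random

# The COVERAGE.add() calls in target() play the role of edge instrumentation;
# a real grey-box fuzzer reads the shared-memory coverage map instead.
COVERAGE = set()

def target(data: bytes) -> None:            # constructed target, not real code
    for i, want in enumerate(b"FUZZ"):
        if i >= len(data) or data[i] != want:
            COVERAGE.add(f"reject{i}")
            return
        COVERAGE.add(f"match{i}")           # one new edge per matched byte
    if len(data) > 4 and data[4] == ord("!"):
        COVERAGE.add("bug")
        raise RuntimeError("heap-buffer-overflow (simulated)")

def run(data: bytes):                       # execute once -> (edges hit, crashed?)
    COVERAGE.clear()
    try:
        target(data)
        return set(COVERAGE), False
    except RuntimeError:
        return set(COVERAGE), True

def mutate(data: bytes, rng: random.Random) -> bytes:
    buf = bytearray(data)                   # havoc-style single mutation
    r = rng.random()
    if r < 0.6 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)        # overwrite byte
    elif r < 0.8 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)    # flip one bit
    elif r < 0.9 and len(buf) < 32:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))  # insert
    elif len(buf) > 1:
        del buf[rng.randrange(len(buf))]                         # delete byte
    return bytes(buf)

def fuzz(seeds, max_iters=500_000, rng_seed=1234):
    rng = random.Random(rng_seed)           # fixed seed: reproducible run
    pool = list(seeds)
    seen = set().union(*(run(s)[0] for s in pool))   # coverage of initial seeds
    for it in range(1, max_iters + 1):
        child = mutate(rng.choice(pool), rng)        # uniform seed selection
        edges, crashed = run(child)
        if crashed:                                  # stop at first crash
            return {"crash": child, "iters": it, "pool": pool}
        if not edges <= seen:                        # new edge -> promote to seed
            seen |= edges
            pool.append(child)
    return {"crash": None, "iters": max_iters, "pool": pool}
```

Each byte of the magic value adds a new edge, so the feedback lets the fuzzer solve the check one byte at a time instead of guessing all of "FUZZ!" at once; without the pool promotion step this is plain black-box mutation.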
Binary instrumentation
LLVM - IR change *
Sanitizer
https://github.com/google/sanitizers
UndefinedBehaviorSanitizer
MemorySanitizer
LeakSanitizer (leak checker)
Sanitizer - ASan (AddressSanitizer)
heap-, stack-, global-buffer overflow
- AFL
- AFL++
- libFuzzer
- syzkaller
paper
- https://www.usenix.org/conference/usenixsecurity19/presentation/lyu
- https://www.google.com/search?client=safari&rls=en&q=optiMin+IssTA+2021&ie=UTF-8&oe=UTF-8
- https://www.usenix.org/conference/usenixsecurity21/presentation/lee-gwangmu
- https://www.usenix.org/conference/usenixsecurity20/presentation/osterlund