yuawn/Mediatek-Fuzzing-Workshop

Fuzz Testing

• Black-box

  • binary only

• Grey-box

  • utilize some program information to guide fuzzing

• White-box

  • get a full picture of program
  • e.g, sysbolic

Coverage-Gudided Fuzzing

seed pool -> selsect a seed -> mutation -> run with instrumented binary -> crash

Binary instrumentation

LLVM - ir change *

Sanitizer

https://githum.com/google/sanitizers

ubdefined Behavior sanitizer

memorySanitizer

leak-checjer

Sanitizer - ASAN

heap, stack, global-buffer overflow

• ALF
  • https://github.com/google/AFL
• ALF++
  • https://github.com/AFLplusplus/AFLplusplus
• libfuzzer
  • https://llvm.org/docs/LibFuzzer.html
• syzkaller
  • https://github.com/google/syzkaller

paper

• https://www.comp.nus.edu.sg/~abhik/pdf/CCS16.pdf

• https://www.usenix.org/conference/usenixsecurity19/presentation/lyu

• https://www.google.com/search?client=safari&rls=en&q=optiMin+IssTA+2021&ie=UTF-8&oe=UTF-8

• https://conf.researchr.org/details/issta-2021/issta-2021-technical-papers/41/Toward-Optimal-MC-DC-Test-Case-Generation

• https://conf.researchr.org/details/issta-2021/issta-2021-technical-papers/1/Seed-Selection-for-Successful-Fuzzing

• https://www.usenix.org/conference/usenixsecurity21/presentation/lee-gwangmu

• https://www.usenix.org/conference/usenixsecurity20/presentation/osterlund

• https://arxiv.org/abs/1906.07327

• https://wcventure.github.io/FuzzingPaper/