Fuzzing Review and Test Case Prioritization Strategies

 
EXERCISE #29
 
1
 
FUZZING REVIEW
 
Write your name and answer the following on a piece of paper
 
In fuzzing, it is easy to generate additional test cases for an analysis target. What are some of the strategies for prioritizing which test case to run next?
 
ADMINISTRIVIA AND ANNOUNCEMENTS
 
 
SYMBOLIC EXECUTION
 
EECS 677: Software Security Evaluation
Drew Davidson
 
WHERE WE’RE AT
 
DYNAMIC ANALYSIS
 
4
 
Generating test cases
 
5
 
PREVIOUSLY: FUZZING
 
OUTLINE / OVERVIEW
 
GENERATING RANDOM TEST CASES
 
Surprisingly effective in practice
 
The random “fuzz” of white noise
 
Main challenge is exploring “new” behavior
 
6
 
RESEARCH DIRECTION: “GUNKING”
 
FUZZING
 
FUZZING AS ADVERSARIAL RECON
 
Fuzzing is so good at finding bugs that even the bad guys do it
 
PERHAPS A PROGRAM SHOULD DEPLOY ANTI-FUZZING TECH
 
What would that look like?
 
7
 
THIS LECTURE: SYMBOLIC EXECUTION
 
OUTLINE / OVERVIEW
 
A METHODICAL APPROACH TO ABSTRACT EXECUTION
 
8
 
RECALL: TEST CASE GENERATION
 
SYMBOLIC EXECUTION
 
9
 
THE PROBLEM OF COVERAGE
 
SYMBOLIC EXECUTION
 
10
 
PREDICATES GET IN THE WAY!
 
SYMBOLIC EXECUTION
 
11
 
ELIMINATING INFEASIBLE PATHS
 
SYMBOLIC EXECUTION
 
12
 
THE MAGIC OF THE SOLVER
 
SYMBOLIC EXECUTION
 
13
 
THE SYMBOLIC EXECUTION TREE
 
SYMBOLIC EXECUTION
 
14
 
SOUNDNESS / COMPLETENESS
 
SYMBOLIC EXECUTION
 
WRAP-UP
 
SYMBOLIC EXECUTION
 
15
 
A simple, elegant idea

Fuzzing is an effective method for generating additional test cases in software analysis. Various strategies can be used to prioritize which test case to run next, such as code coverage-based prioritization, input diversity prioritization, and impact analysis prioritization.


Uploaded on May 17, 2024 | 1 Views



