Abstract |
---|
Black-box mutational fuzzing is a simple yet effective technique to find bugs in software. Given a set of program-seed pairs, we ask how to schedule the fuzzings of these pairs in order to maximize the number of unique bugs found at any point in time. We develop an analytic framework using a mathematical model of black-box mutational fuzzing and use it to evaluate 26 existing and new randomized online scheduling algorithms. Our experiments show that one of our new scheduling algorithms outperforms the multi-armed bandit algorithm in the current version of the CERT Basic Fuzzing Framework (BFF) by finding 1.5x more unique bugs in the same amount of time. |

Year | DOI | Venue |
---|---|---|
2013 | 10.1145/2508859.2516736 | ACM Conference on Computer and Communications Security |
Keywords | Field | DocType |
analytic framework, current version, mathematical model, new randomized online scheduling, new scheduling algorithm, unique bug, multi-armed bandit algorithm, cert basic fuzzing framework, black-box mutational fuzzing, effective technique, software security | Black box (phreaking), Ask price, Fuzz testing, Computer science, Scheduling (computing), Software security assurance, Theoretical computer science, Software, Distributed computing | Conference |
Citations | PageRank | References |
38 | 1.47 | 13 |

Authors |
---|
4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Maverick Woo | 1 | 173 | 7.47 |
Sang Kil Cha | 2 | 542 | 27.02 |
Samantha Gottlieb | 3 | 38 | 1.47 |
David Brumley | 4 | 2940 | 142.75 |