ABSTRACT
Fuzzing is a powerful software security testing technique. It can be automated and can test programs with many randomly generated fuzzing inputs to trigger overlooked bugs. Libraries and functions are commonly used by programmers to be directly cal…
See full abstracts, authors, references, citations & other publication information.
+
…led from their programs. However, most programmers would simply use public libraries without doubting whether these libraries are secure or not.To help with it, library fuzzing has been proposed.Fuzzing a whole program is very common, however, fuzzing a standalone function or library is challenging. Different from an executable program, functions cannot be run on themselves. In addition, randomly generating certain parameters might break the relationships between parameters and therefore result in a large number of false positives.There has been not much research in the area of library fuzzing. However, library or function fuzzing could be a very useful testing tool for programmers and developers. This paper reviews the recent research work related to library fuzzing and function fuzzing. The results may be helpful to any researchers who plan to explore this research area.
Full Text/Reference Website: https://www.cscjournals.org/library/manuscriptinfo.php?mc=IJCSS-1688
AUTHORS
Dr. Jia Song – Computer Science Department, University of Idaho, Moscow, Idaho, 83844 – United States of America
KEYWORDS
Fuzzing, Library Fuzzing, Software Testing, Function Fuzzing.
Indexing Keywords: A Review on Library Fuzzing Tools, Library Fuzzing Tools, A Review on Fuzzing Tools, Library Fuzzing Tools Review.
Pages: 70-78
Revised: 31-10-2022
Published: 01-12-2022Published in International Journal of Computer Science and Security (IJCSS).
Volume: 16
Issue: 5
Publication Date: 01-12-2022
*Randomly selected references used in the publication “A Review on Library Fuzzing Tools”.
- Bastani, O., Sharma, R., Aiken, A., and Liang, P. (2017). Synthesizing program input grammars. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, pages 95-110, New York, NY, USA. ACM.
- Godefroid, P. (2014). Micro execution. In Proceedings of the 36th International Conference on Software Engineering, ICSE 2014, pages 539-549, New York, NY, USA. Association for Computing Machinery.
- Godefroid, P., Levin, M. Y., and Molnar, D. (2012). Sage: Whitebox fuzzing for security testing. Queue, 10(1):20:20-20:27.
- Godefroid, P., Peleg, H., and Singh, R. (2017). Learn&fuzz: Machine learning for input fuzzing. In Proceedings of the 32Nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017, pages 50-59, Piscataway, NJ, USA. IEEE Press.
- Goodman, P. and Groce, A. (2018). Deepstate: Symbolic unit testing for c and c++.
- Hoschele, M., Kampmann, A., and Zeller, A. (2017). Active learning of input grammars. CoRR, abs/1708.08731.
- Hoschele, M. and Zeller, A. (2016). Mining input grammars from dynamic taints. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016, pages 720-725, New York, NY, USA. ACM.
- Jones, D. (2011). Trinity: Linux system call fuzzer. https://github.com/Cr4sh/ioctlfuzzer.
- Kcov. (2011). kcov – code coverage analysis for compiled programs and python scripts. https://manpages.debian.org/unstable/kcov/kcov.1.en.html.
- Bekrar, S., Bekrar, C., Groz, R., and Mounier, L. (2012). A taint based approach for smart fuzzing. In 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation, pages 818-825.
CITATIONS
Citations used in the publication “A Review on Library Fuzzing Tools”.
Currently there are no citations collected for this publication at scholarlyabstracts.com.
-
CONTACT US
Please feel free to us at scholarlyabstracts@gmail.com if you wish to:
- Get your journal, conference or thesis, registered with us.
- Update this publication content.