Towards Effective Performance Fuzzing

Yiqun Chen, M. Bradbury, N. Suri
{"title":"Towards Effective Performance Fuzzing","authors":"Yiqun Chen, M. Bradbury, N. Suri","doi":"10.1109/ISSREW55968.2022.00055","DOIUrl":null,"url":null,"abstract":"Fuzzing is an automated testing technique that utilizes injection of random inputs in a target program to help uncover vulnerabilities. Performance fuzzing extends the classic fuzzing approach and generates inputs that trigger poor performance. During our evaluation of performance fuzzing tools, we have identified certain conventionally used assumptions that do not always hold true. Our research (re)evaluates PERFFUZZ [1] in order to identify the limitations of current techniques, and guide the direction of future work for improvements to performance fuzzing. Our experimental results highlight two specific limitations. Firstly, we identify the assumption that the length of execution paths correlate to program performance is not always the case, and thus cannot reflect the quality of test cases generated by performance fuzzing. Secondly, the default testing parameters by the fuzzing process (timeouts and size limits) overly confine the input search space. Based on these observations, we suggest further investigation on performance fuzzing guidance, as well as controlled fuzzing and testing parameters.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSREW55968.2022.00055","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

Fuzzing is an automated testing technique that utilizes injection of random inputs in a target program to help uncover vulnerabilities. Performance fuzzing extends the classic fuzzing approach and generates inputs that trigger poor performance. During our evaluation of performance fuzzing tools, we have identified certain conventionally used assumptions that do not always hold true. Our research (re)evaluates PERFFUZZ [1] in order to identify the limitations of current techniques, and guide the direction of future work for improvements to performance fuzzing. Our experimental results highlight two specific limitations. Firstly, we identify the assumption that the length of execution paths correlate to program performance is not always the case, and thus cannot reflect the quality of test cases generated by performance fuzzing. Secondly, the default testing parameters by the fuzzing process (timeouts and size limits) overly confine the input search space. Based on these observations, we suggest further investigation on performance fuzzing guidance, as well as controlled fuzzing and testing parameters.
迈向有效的性能模糊测试
模糊测试是一种自动化测试技术,它利用在目标程序中注入随机输入来帮助发现漏洞。性能模糊测试扩展了经典的模糊测试方法,并生成触发性能差的输入。在我们对性能模糊测试工具的评估过程中,我们已经确定了某些传统使用的假设并不总是正确的。我们的研究(重新)评估了PERFFUZZ[1],以确定当前技术的局限性,并指导未来改进性能模糊测试的工作方向。我们的实验结果突出了两个特定的局限性。首先,我们确定执行路径的长度与程序性能相关的假设并不总是如此,因此不能反映性能模糊测试生成的测试用例的质量。其次,模糊处理的默认测试参数(超时和大小限制)过度限制了输入搜索空间。基于这些观察结果,我们建议进一步研究性能模糊指导,以及控制模糊和测试参数。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信