QuickFuzz: an automatic random fuzzer for common file formats

Gustavo Grieco, Martín Ceresa, Pablo Buiras
{"title":"QuickFuzz: an automatic random fuzzer for common file formats","authors":"Gustavo Grieco, Martín Ceresa, Pablo Buiras","doi":"10.1145/2976002.2976017","DOIUrl":null,"url":null,"abstract":"Fuzzing is a technique that involves testing programs using invalid or erroneous inputs. Most fuzzers require a set of valid inputs as a starting point, in which mutations are then introduced. QuickFuzz is a fuzzer that leverages QuickCheck-style random test-case generationto automatically test programs that manipulate common file formats by fuzzing. We rely on existing Haskell implementations of file-format-handling libraries found on Hackage, the community-driven Haskell code repository. We have tried QuickFuzz in the wild and found that the approach is effective in discovering vulnerabilities in real-world implementations of browsers, image processing utilities and file compressors among others. In addition, we introduce a mechanism to automatically derive random generators for the types representing these formats. QuickFuzz handles most well-known image and media formats, and can be used to test programs and libraries written in any language.","PeriodicalId":20669,"journal":{"name":"Proceedings of the 9th International Symposium on Haskell","volume":"118 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2016-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"46","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 9th International Symposium on Haskell","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2976002.2976017","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 46

Abstract

Fuzzing is a technique that involves testing programs using invalid or erroneous inputs. Most fuzzers require a set of valid inputs as a starting point, in which mutations are then introduced. QuickFuzz is a fuzzer that leverages QuickCheck-style random test-case generationto automatically test programs that manipulate common file formats by fuzzing. We rely on existing Haskell implementations of file-format-handling libraries found on Hackage, the community-driven Haskell code repository. We have tried QuickFuzz in the wild and found that the approach is effective in discovering vulnerabilities in real-world implementations of browsers, image processing utilities and file compressors among others. In addition, we introduce a mechanism to automatically derive random generators for the types representing these formats. QuickFuzz handles most well-known image and media formats, and can be used to test programs and libraries written in any language.
QuickFuzz:通用文件格式的自动随机模糊器
模糊测试是一种使用无效或错误输入测试程序的技术。大多数模糊器需要一组有效的输入作为起点,然后在其中引入突变。QuickFuzz是一个模糊测试器,它利用quickcheck风格的随机测试用例生成,通过模糊测试来自动测试操作通用文件格式的程序。我们依赖于在Hackage(社区驱动的Haskell代码存储库)上找到的现有的Haskell文件格式处理库的实现。我们已经在野外尝试了QuickFuzz,并发现该方法在发现浏览器、图像处理实用程序和文件压缩器等实际实现中的漏洞方面非常有效。此外,我们还引入了一种机制,为表示这些格式的类型自动派生随机生成器。QuickFuzz处理大多数知名的图像和媒体格式,并可用于测试用任何语言编写的程序和库。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信