Detalle del congreso

Autores: Gustavo Grieco; Martín Ceresa; Pablo Buiras.

Resumen: Fuzzing is a technique that involves testing programs using invalidor erroneous inputs. Most fuzzers require a set of valid inputs as astarting point, in which mutations are then introduced. QuickFuzzis a fuzzer that leverages QuickCheck-style random test-case gen-eration to automatically test programs that manipulate common fileformats by fuzzing. We rely on existing Haskell implementations offile-format-handling libraries found on Hackage, the community-driven Haskell code repository. We have tried QuickFuzz in thewild and found that the approach is effective in discovering vul-nerabilities in real-world implementations of browsers, image pro-cessing utilities and file compressors among others. In addition, weintroduce a mechanism to automatically derive random generatorsfor the types representing these formats. QuickFuzz handles mostwell-known image and media formats, and can be used to test pro-grams and libraries written in any language.

Tipo de reunión: Simposio.

Tipo de trabajo: Artículo Completo.

Producción: QuickFuzz: an automatic random fuzzer for common file formats.

Reunión científica: International Symposium on Haskell.

Lugar: Nara.

Publicado: Sí

Lugar publicación: New York, NY, USA

Mes de reunión: 9

Año: 2016.

Página web: aquí