Congress detail

Authors: Gustavo Grieco; Martín Ceresa; Pablo Buiras.

Resumen: Fuzzing is a technique that involves testing programs using invalidor erroneous inputs. Most fuzzers require a set of valid inputs as astarting point, in which mutations are then introduced. QuickFuzzis a fuzzer that leverages QuickCheck-style random test-case gen-eration to automatically test programs that manipulate common fileformats by fuzzing. We rely on existing Haskell implementations offile-format-handling libraries found on Hackage, the community-driven Haskell code repository. We have tried QuickFuzz in thewild and found that the approach is effective in discovering vul-nerabilities in real-world implementations of browsers, image pro-cessing utilities and file compressors among others. In addition, weintroduce a mechanism to automatically derive random generatorsfor the types representing these formats. QuickFuzz handles mostwell-known image and media formats, and can be used to test pro-grams and libraries written in any language.

Meeting type: Simposio.

Type of job: Artículo Completo.

Production: QuickFuzz: an automatic random fuzzer for common file formats.

Scientific meeting: International Symposium on Haskell.

Meeting place: Nara.

It's published?: Yes

Publication place: New York, NY, USA

Meeting month: 9

Year: 2016.

Link: here