IFuzzer: An Evolutionary Interpreter Fuzzer Using Genetic Programming

Created by W.Langdon from gp-bibliography.bib Revision:1.3949

@InProceedings{conf/esorics/VeggalamRHB16,
  title =        "{IFuzzer}: An Evolutionary Interpreter Fuzzer Using
                 Genetic Programming",
  author =       "Spandan Veggalam and Sanjay Rawat and 
                 Istvan Haller and Herbert Bos",
  bibdate =      "2017-05-23",
  bibsource =    "DBLP,
                 http://dblp.uni-trier.de/db/conf/esorics/esorics2016-1.html#VeggalamRHB16",
  booktitle =    "Computer Security - {ESORICS} 2016 - 21st European
                 Symposium on Research in Computer Security, Heraklion,
                 Greece, September 26-30, 2016, Proceedings, Part {I}",
  publisher =    "Springer",
  year =         "2016",
  volume =       "9878",
  editor =       "Ioannis G. Askoxylakis and Sotiris Ioannidis and 
                 Sokratis K. Katsikas and Catherine A. Meadows",
  isbn13 =       "978-3-319-45743-7",
  pages =        "581--601",
  series =       "Lecture Notes in Computer Science",
  keywords =     "genetic algorithms, genetic programming, SBSE, fuzzing
                 system, security vulnerability, evolutionary
                 computing",
  URL =          "https://link.springer.com/chapter/10.1007%2F978-3-319-45744-4_29",
  DOI =          "doi:10.1007/978-3-319-45744-4_29",
  abstract =     "We present an automated evolutionary fuzzing technique
                 to find bugs in JavaScript interpreters. Fuzzing is an
                 automated black box testing technique used for finding
                 security vulnerabilities in the software by providing
                 random data as input. However, in the case of an
                 interpreter, fuzzing is challenging because the inputs
                 are pieces of code that should be
                 syntactically/semantically valid to pass the
                 interpreter's elementary checks. On the other hand, the
                 fuzzed input should also be uncommon enough to trigger
                 exceptional behaviour in the interpreter, such as
                 crashes, memory leaks and failing assertions. In our
                 approach, we use evolutionary computing techniques,
                 specifically genetic programming, to guide the fuzzer
                 in generating uncommon input code fragments that may
                 trigger exceptional behaviour in the interpreter. We
                 implement a prototype named IFuzzer to evaluate our
                 technique on real-world examples. IFuzzer uses the
                 language grammar to generate valid inputs. We applied
                 IFuzzer first on an older version of the JavaScript
                 interpreter of Mozilla (to allow for a fair comparison
                 to existing work) and found 40 bugs, of which 12 were
                 exploitable. On subsequently targeting the latest
                 builds of the interpreter, IFuzzer found 17 bugs, of
                 which four were security bugs.",
}