Papers--Fuzzing
on Reading
Paper reading about fuzzing
Paper reading
Fuzzers: A survey
| Easy to start | Priori knowledge | coverage | ability to pass validation | |
|---|---|---|---|---|
| Generation based | hard | needed, hard to acquire | high | strong |
| Mutation based | easy | not needed | low, affected by initial inputs | weak |
| Fuzzers | |
|---|---|
| White box | have access to the source code |
| Gray box | without source code and gain the internal information of target programs through program analysis |
| Black box | without any knowledge on target program internals |
通常采用代码覆盖率来衡量Fuzzing:以基本块为单位作为衡量
- counting the executed basic blocks
- counting the basic block transitions
Ref
[1] Li, J., et al. (2018). “Fuzzing: a survey.” Cybersecurity 1(1).