JM233333's Blog
JM233333
2022-03-01

Reading Papers - Fuzzing Overview


# Fuzzing Taxonomy

## Mutation-Based / Generation-Based

By how inputs are generated, fuzzing can be divided into two categories:

  • mutation-based fuzzing starts from a set of known inputs to the program under test (called input seeds) and mutates them to produce new inputs; this requires answering two questions: where to mutate and what value to use.

  • generation-based fuzzing: TBD.

## Coverage-Based / Directed

By the testing goal, or strategy, fuzzing can be divided into two categories:

  • coverage-based fuzzing aims to generate inputs that explore the program under test as thoroughly as possible, measured for example by code coverage or path coverage.

    • (?) Since covering every path is infeasible, such methods generally try to explore regions of interest, for example by prioritising basic blocks that have been reached only a few times, and so on.

  • directed fuzzing aims to generate inputs that reach specified targets in the program under test, such as a particular set of program points or a particular set of execution paths.
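As an added illustration (not code from the original post or from any real fuzzer), the following Python sketch puts the mutation-based and coverage-based notions above into one loop: a constructed toy target reports the blocks it executes, `mutate` answers "where" and "what value", and the seed scheduler prefers seeds whose blocks have been reached least often. The target, the block names and all function names are constructed for this example.

```python
import random

# Constructed toy target: each branch records a "block id" in the trace,
# standing in for the coverage instrumentation a real fuzzer would compile in.
def target(data: bytes, trace: set) -> None:
    trace.add("entry")
    if len(data) < 4:
        trace.add("short")
        return
    if data[:2] == b"FZ":
        trace.add("magic")
        if data[2] > 0x7F:
            trace.add("high_flag")
            if data[3] == 0x00:
                trace.add("deep")  # rarest block: needs magic + flag + zero byte
    else:
        trace.add("nomagic")

INTERESTING = [0x00, 0x7F, 0x80, 0xFF]  # boundary values worth trying

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Mutation-based step: pick WHERE (an offset) and WHAT value to use."""
    buf = bytearray(seed)
    pos = rng.randrange(len(buf)) if buf else 0
    op = rng.choice(["flip", "interesting", "insert"])
    if op == "flip" and buf:
        buf[pos] ^= 1 << rng.randrange(8)          # single bit flip
    elif op == "interesting" and buf:
        buf[pos] = rng.choice(INTERESTING)         # replace with boundary value
    else:
        buf.insert(pos, rng.randrange(256))        # grow the input
    return bytes(buf)

def fuzz(seeds, iterations, rng_seed=0):
    """Coverage-based loop: keep inputs that reach new blocks, and schedule
    seeds whose blocks have been hit least often (the 'rarely explored' idea)."""
    rng = random.Random(rng_seed)
    corpus = []   # list of (input, set of blocks it covers)
    hits = {}     # block id -> number of executions that reached it
    def run(data):
        trace = set()
        target(data, trace)
        for b in trace:
            hits[b] = hits.get(b, 0) + 1
        return trace
    for s in seeds:
        corpus.append((s, run(s)))
    for _ in range(iterations):
        # weight each seed by 1 / (smallest hit count among its blocks)
        weights = [1.0 / min(hits[b] for b in cov) for _, cov in corpus]
        parent, _ = rng.choices(corpus, weights=weights)[0]
        child = mutate(parent, rng)
        cov = run(child)
        known = set().union(*(c for _, c in corpus))
        if cov - known:        # new coverage: child becomes a seed
            corpus.append((child, cov))
    return corpus, hits
```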

## White-Box / Grey-Box / Black-Box

By how much of the program under test is accessible, mutation-based fuzzing can be divided into three categories:

  • white-box fuzzing requires the source code of the program under test and performs heavyweight program analysis at the source level or on the compiled IR.

  • grey-box fuzzing requires the binary of the program under test and applies lightweight program analysis or monitoring at the binary level.

  • black-box fuzzing assumes nothing is known about the internals of the program under test and treats it as a complete black box.


Tags: Research, Paper Reading, Fuzzing

Theme by Vdoing | Copyright © 2019-2022 JM233333 | CC BY-NC-SA 4.0