Fuzzing error handling code using context-sensitive software fault injection [conference paper]

Conference

29th USENIX Security Symposium - August 12-14, 2020

Authors

Zu-Ming Jiang, Jia-Ju Bai, Kangjie Lu (assistant professor), Shi-Min Hu

Abstract

Error handling code is often critical but difficult to test in reality. As a result, many hard-to-find bugs exist in error handling code and may cause serious security problems once triggered. Fuzzing has become a widely used technique for finding software bugs nowadays. Fuzzing approaches mutate and/or generate various inputs to cover infrequently executed code. However, existing fuzzing approaches are very limited in testing error handling code, because some of this code can only be triggered by occasional errors (such as insufficient memory and network-connection failures), not by specific inputs. Therefore, existing fuzzing approaches in general cannot effectively test such error handling code.

Link to full paper

Fuzzing error handling code using context-sensitive software fault injection

Keywords

security