Explore an innovative approach to hybrid fuzzing in this 16-minute IEEE conference talk. Delve into the challenges of existing hybrid fuzzing techniques and discover how Pangolin addresses these issues through incremental hybrid fuzzing with polyhedral path abstraction. Learn about the obstacles faced by current methods, including inefficiency and non-incremental nature, and understand the importance of preserving constraints. Examine a motivating example that illustrates the goals and challenges of incremental hybrid fuzzing. Gain insights into the proposed solutions, including pruning infeasible paths for constraint solvers and accelerating solving speed for feasible paths. Analyze the evaluation results, focusing on bug detection and the improved efficiency achieved through guided constraint solving. Conclude with key takeaways that highlight the significance of this novel approach in advancing the field of software security testing.
Pangolin - Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
Overview
Syllabus
Intro
Existing direction: Hybrid fuzzing
Obstacle: Hybrid fuzzing is not efficient
Reason: Hybrid fuzzing is not incremental
Observation: Constraints are discarded directly
Observation: Seeds provide limited guidance for further input generation
Motivating example
Goal: Incremental hybrid fuzzing
Challenge: How to preserve the constraints?
Intuition: Interpret the input search space
Existing challenges to generate inputs
Solution 1: prune the infeasible paths for constraint solver
Solution 2: accelerate solving speed for feasible path
Evaluation
Bug detection
How can guided constraint solving improve efficiency?
Key takeaway
Taught by
IEEE Symposium on Security and Privacy
